ONOS-8109

Activate CI security tools / scans for ONOS software repository

    Details

    • Type: Task
    • Status: Open
    • Priority: Minor
    • Resolution: Unresolved
    • Affects Version/s: None
    • Fix Version/s: None
    • Component/s: None
    • Labels:
    • Environment:

      Description

      We'd like to include ONOS software repositories in the security scan so that security requirements are met.

      We would recommend integrating FindSecBugs (https://find-sec-bugs.github.io/) as a security tool for static code analysis.
      An example of the Maven integration of FindSecBugs can be found at: https://github.com/find-sec-bugs/find-sec-bugs/wiki/Maven-configuration

      The tools may run with the flag "allow_failure: true" inside the CI/CD pipeline, meaning developers can push and build changes even though the tools report an issue.

      The affected repository is https://github.com/opennetworkinglab/onos

            People

            Assignee:
            Unassigned
            Reporter:
            breathbath Andrey Pozolotin