-
Type: Task
-
Status: Open (View Workflow)
-
Priority: Minor
-
Resolution: Unresolved
-
Affects Version/s: None
-
Fix Version/s: None
-
Component/s: None
-
Labels:
-
Environment:
-
Description:
We'd like to include ONOS software repositories into the security scan so that security requirements are met.
We would recommend integrating [FindSecBugs|https://find-sec-bugs.github.io/] as a security tool for static code analysis.
An example for the Maven integration of FindSecBugs can be found at https://github.com/find-sec-bugs/find-sec-bugs/wiki/Maven-configuration. The tools may run with the flag "allow_failure: true" inside the CI/CD pipeline, meaning developers can push and build changes even though the tools report an issue.
The affected repository is https://github.com/opennetworkinglab/onos
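The Maven wiring the ticket points to, shown here as an added example; this is not code from the ONOS repository or from the ticket. It runs SpotBugs with the FindSecBugs detector plugin in the `verify` phase of a Maven build. The plugin versions and the effort/threshold values are assumptions; pick the current releases of spotbugs-maven-plugin and findsecbugs-plugin when adding this to a real pom.xml.

```xml
<!-- Added example, not from the ONOS build: SpotBugs + FindSecBugs via Maven.
     Versions below are assumptions; use the current releases. -->
<build>
  <plugins>
    <plugin>
      <groupId>com.github.spotbugs</groupId>
      <artifactId>spotbugs-maven-plugin</artifactId>
      <version>4.7.3.0</version>
      <configuration>
        <!-- Max effort and Low threshold report the most findings; tighten after a first triage. -->
        <effort>Max</effort>
        <threshold>Low</threshold>
        <!-- FindSecBugs is loaded as a SpotBugs detector plugin; it adds the SECURITY bug category. -->
        <plugins>
          <plugin>
            <groupId>com.h3xstream.findsecbugs</groupId>
            <artifactId>findsecbugs-plugin</artifactId>
            <version>1.12.0</version>
          </plugin>
        </plugins>
      </configuration>
      <executions>
        <execution>
          <!-- "check" fails the build when findings remain; "spotbugs" would only write the report.
               Run with: mvn -B verify   (the XML report lands in target/spotbugsXml.xml) -->
          <id>security-scan</id>
          <phase>verify</phase>
          <goals>
            <goal>check</goal>
          </goals>
        </execution>
      </executions>
    </plugin>
  </plugins>
</build>
```

Because the `check` goal fails the Maven build on any finding, a pipeline job that runs `mvn -B verify` with this configuration needs `allow_failure: true` (GitLab CI syntax, as the ticket suggests) to stay advisory; the job is then shown as a warning rather than blocking the merge. Two practical points: keep `target/spotbugsXml.xml` as a job artifact so findings are actually reviewed, since an allowed-to-fail job is easy to ignore, and consider an `includeFilterFile` whose filter matches `<Bug category="SECURITY"/>` so that only FindSecBugs findings are counted and general SpotBugs noise does not bury them.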