Implement Static Source Code Scanning #801

Closed
prb112 opened this issue Mar 17, 2020 · 4 comments · Fixed by #1443
Labels: automation, security, showcase (Used to Identify End-of-Sprint Demos)

prb112 commented Mar 17, 2020

Implement Static Source Code Scanning

  • Investigate SonarQube, ASOC, AppScan
  • Implement as part of pipeline
  • Come up with a false positive strategy... AppScan Java Annotation

cc: @senthilbak

smhdfdl commented Mar 23, 2020

HCL AppScan has flagged a couple of issues in the fhir-validation assembly, see attached.

AppScan_Report.pdf

prb112 commented Mar 23, 2020

I'll let Lee respond. I don't think this is the right issue to track the issues you mention @smhdfdl

smhdfdl commented Mar 23, 2020

I agreed it with Lee

prb112 self-assigned this Apr 27, 2020
lmsurpre added this to the Sprint 14 milestone Jun 19, 2020
prb112 modified the milestones: Sprint 14, Sprint 15 Jul 20, 2020
lmsurpre modified the milestones: Sprint 15, Sprint 16 Aug 5, 2020
prb112 added a commit that referenced this issue Aug 25, 2020: Implement Static Source Code Scanning #801
prb112 linked a pull request Aug 25, 2020 that will close this issue

lmsurpre (Member) commented

Paul to schedule a deep dive to review this with rest of team.

prb112 added the showcase (Used to Identify End-of-Sprint Demos) label Aug 26, 2020
3 participants