🔌 Plugin: RHDA(Red Hat Dependency Analytics) #1648

Closed
2 tasks done
JudeNiroshan opened this issue May 14, 2024 · 1 comment

JudeNiroshan commented May 14, 2024

🔖 Summary

Red Hat Dependency Analytics (RHDA) is an open-source tool that helps developers build secure applications by identifying vulnerabilities. It analyzes the open-source components used in an application and checks them against vulnerability databases. This allows developers to proactively address security risks early in the development process.

Introducing a Backstage plugin will enable Backstage users to analyze software components for potential vulnerabilities and apply recommended remediations.

🌐 Project website (if applicable)

https://developers.redhat.com/products/trusted-profile-analyzer/overview
https://github.com/RHEcosystemAppEng/exhort
https://marketplace.visualstudio.com/items?itemName=redhat.fabric8-analytics

(PoC) - https://github.com/RHEcosystemAppEng/backstage-plugin-rhda

✌️ Context

To improve security across our software supply chain, this project proposes integrating the Red Hat Dependency Analytics (RHDA) plugin with Backstage. RHDA offers language-agnostic analysis for Java, JavaScript, Go, and Python projects. The RHDA Backstage plugin, with its three-layer architecture (frontend, backend, and RHDA executor container with pre-built language-specific executors), simplifies configuration through the Backstage plugin catalog XML. This integration streamlines the security analysis workflow within Backstage, enabling early vulnerability detection across diverse programming languages.

👀 Have you spent some time to check if this plugin request has been raised before?

  • I checked and didn't find a similar issue

🏢 Have you read the Code of Conduct?

Are you willing to submit PR?

Yes, I am willing to submit a PR!


rhdh-bot commented Sep 3, 2024

This issue has been closed due to the fact that the Janus community is being sunset.

For future plugin issues, please use https://github.com/backstage/community-plugins/issues

For future showcase issues, please use https://issues.redhat.com/browse/RHIDP

For more information on the sunset, see:

https://janus-idp.io/blog/2024/07/05/future-of-janus-community
https://issues.redhat.com/browse/RHIDP-3690
https://issues.redhat.com/browse/RHIDP-1018
