Daffodil / DFDL-1379

Add security scan tool to build cycle

Details

• Type: Improvement
• Status: Open
• Priority: Minor
• Resolution: Unresolved
• Affects Version/s: 2.0.0
• Fix Version/s: deferred
• Component/s: Infrastructure
• Labels: None

Description

There are free or low-cost scanners from Black Duck and Sonatype that examine the specific versions of OSS components in a system and report their known security vulnerabilities.

E.g., http://www.businesswire.com/news/home/20150618005073/en/Black-Duck-Releases-Free-Vulnerability-Plugin-Open#.VYP9u_lViko

(Perhaps Atlassian, which is mostly the tool set used at ncsa.illinois.edu, also has one of these?)

We should look into adding one of these to our build process. It goes hand in hand with the tool we use to gather up and generate the license pages, and given the kinds of network-security applications that people discuss using DFDL for, this would be a value-add.


People

Assignee: Unassigned
Reporter: Mike Beckerle (mbeckerle.dfdl)
Votes: 0
Watchers: 1
