...
- Use full paths for the programs you are executing, so that a modified PATH cannot substitute a different program with the same name. Note: while this can be done for shell scripts, it is most useful for non-shell scripts. For example,
- shell:
/bin/ls -l file
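As an added example (not part of the original page or of the ONAP project), the following POSIX shell script shows why the full path matters: it plants a fake `ls` in a temporary directory, puts that directory first in PATH, and then runs `ls -d /` once by bare name and once as `/bin/ls`. The temporary directory and the fake command are constructed for the demonstration only.

```sh
#!/bin/sh
# Added example, not ONAP project code: a script that calls "ls" by bare
# name is resolved through PATH, so any writable directory an attacker can
# place in front of PATH may substitute its own "ls". Calling /bin/ls by
# full path never consults PATH. The fake command and the temporary
# directory are constructed here for the demonstration.
set -eu

# Create a writable directory holding an attacker-controlled "ls" and print
# the directory's path.
make_hijack_dir() {
    dir=$(mktemp -d)
    printf '#!/bin/sh\necho HIJACKED\n' > "$dir/ls"
    chmod 755 "$dir/ls"
    printf '%s\n' "$dir"
}

# Run "ls -d /" by bare name with the hijack directory first in PATH.
# Prints whatever program PATH resolution selected (the fake one).
run_bare_name() {
    dir=$(make_hijack_dir)
    out=$(PATH="$dir:$PATH"; export PATH; ls -d /)
    rm -rf "$dir"
    printf '%s\n' "$out"
}

# Same hostile PATH, but the program is named by its full path, so PATH is
# not consulted and the real ls runs (prints "/").
run_full_path() {
    dir=$(make_hijack_dir)
    out=$(PATH="$dir:$PATH"; export PATH; /bin/ls -d /)
    rm -rf "$dir"
    printf '%s\n' "$out"
}

echo "bare name 'ls'    -> $(run_bare_name)"
echo "full path /bin/ls -> $(run_full_path)"
```

The PATH change is made inside a subshell, so the caller's environment is untouched; in a real script the equivalent hardening is to either hard-code `/bin/ls` or set PATH explicitly to a trusted value at the top of the script before any command is run.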
...
The use of code quality tools helps developers fix vulnerabilities early.
Inside the community, SonarCloud is the reference.
- https://sonarcloud.io/features (Detect, understand, and fix issues in your code, at the very earliest in your workflow)
- https://sonarcloud.io/organizations/onap/projects?sort=name (ONAP project)
Checking the results and fixing the findings regularly is one way to reduce risk.
Software Composition Analysis
Like code quality evaluation, software composition analysis helps the community reduce its risk.
https://snyk.io/blog/what-is-software-composition-analysis-sca-and-does-my-company-need-it/
What is software composition analysis (SCA)?
Software Composition Analysis (SCA) is an application security methodology for managing open source components. Using SCA, development teams can quickly track and analyze any open-source component brought into a project. SCA tools can discover all related components, their supporting libraries, and their direct and indirect dependencies. SCA tools can also detect software licenses, deprecated dependencies, as well as vulnerabilities and potential exploits. The scanning process generates a bill of materials (BOM), providing a complete inventory of a project’s software assets.
The community uses WhiteSource and Nexus-IQ.
More information: Code Scanning Tools and CI
Use
...
Safe and Secure Docker Images
To build ONAP images, the community provides secure Docker base images, which are built from Alpine images.
- https://git.onap.org/integration/docker/onap-java11/about/
- https://git.onap.org/integration/docker/onap-python/about/
These images reduce the exposure to threats; please use them.