app-platform icon indicating copy to clipboard operation
app-platform copied to clipboard

Published 20 hours ago verified publisher icon dhis2

chore: add workflow for dependency-track

Open martinakraus opened this issue 10 months ago • 1 comments
trafficstars

Implements SEC-60

Key features

  1. Integration of Static Analysis Security Scanning Tool: Dependency Track: https://dtrack.security.dhis2.org/projects
  2. Running every night so it won't bother Developers

Description

Dependency Track will scan the created SBOM and analyze for CVEs and open vulnerabilities. Those reports will be evaluated by the security team and will be brought back to the dev teams if something crucial pops up

martinakraus avatar Jan 07 '25 11:01 martinakraus

Quality Gate Passed Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

sonarqubecloud[bot] avatar Jan 07 '25 11:01 sonarqubecloud[bot]

Quality Gate Passed Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

sonarqubecloud[bot] avatar Feb 19 '25 10:02 sonarqubecloud[bot]

:tada: This PR is included in version 12.4.0 :tada:

The release is available on:

Your semantic-release bot :package::rocket:

dhis2-bot avatar Mar 12 '25 17:03 dhis2-bot