
Add SCA to monitor dependencies

Open htrgouvea opened this issue 1 year ago • 1 comment

Using an SCA (Software Composition Analysis) is super important for code integrity and application security. There is no SCA present in this repository yet, so I am opening this issue to plan this activity.

Reference: https://owasp.org/www-community/Component_Analysis

htrgouvea, Nov 09 '23 14:11

I have separated some tools that I believe we could use here, but we still need to evaluate Perl support. I also noticed that @htrgouvea started a new tool warn-cpan.

Some SCA tools free for our use here:

And if it is necessary in the future to install a security gate, we could use something like SecurityGoat.

andersonbosa, Nov 29 '23 15:11