Replace AppScan Static Code Analysis

Open nkocsis opened this issue 2 years ago • 1 comments

I don't find the AppScan Code Analysis tool user friendly. Can this be replaced with another tool?

I see possible options like Veracode https://www.veracode.com/products/binary-static-analysis-sast

I see that we already run Veracode's Dynamic code tool so it seems like we have a license https://github.com/zowe/security-reports/blob/master/Veracode/DetailedReport_Zowe_12_Jun_2022.pdf (Access required)

nkocsis avatar Sep 02 '22 16:09 nkocsis

@timgerstel Tim updated the security team that we do run another Static Code Scan using Polaris, and Mark @MarkAckert said that we also run SonarCloud. We need to decide if a formal adoption by squad is needed.

nkocsis avatar Sep 08 '22 12:09 nkocsis

No objections to closing the issue and removing the static code scan analysis.

balhar-jakub avatar May 18 '23 10:05 balhar-jakub