...
Following up on our call last week with the LFN infra workgroup and our action item:
https://wikilf-networking.lfnetworkingatlassian.orgnet/wiki/display/LN/LFN+Infra+Work+Group+1+Feb+19
I went ahead and tried the SCM features and CI of GitHub; my goal was to reach a point where I could replicate the verify job and see the hurdles I would face.
I did the following:
...
- Analyze the impact of your changes with Code Quality reports
- Manage the licenses of your dependencies with License Management
- Analyze your source code for vulnerabilities with Static Application Security Testing
- Analyze your running web applications for vulnerabilities with Dynamic Application Security Testing
- Analyze your dependencies for vulnerabilities with Dependency Scanning
- Analyze your Docker images for vulnerabilities with Container Scanning
- Determine the performance impact of changes with Browser Performance Testing
Static Application Security Testing
...