Hi Mark,

I have sent the PR for the integration of TOIF into apache-fineract at https://github.com/apache/fineract/pull/397/. Please review it and let me know what needs to be updated. Currently the task doesn't run after the build, due to time concerns. It takes a bit of time to complete.
Anyone interested can run the task with the command "./gradlew toif". This will generate the reports in the apache-fineract/build/reports/toif folder. Please review the housekeeping.txt, which has the information about the organization, and let me know if any updates are needed. Hope to integrate a mechanism to visualize these findings.

Thanks and regards

On Mon, Jul 24, 2017 at 9:07 AM, Thisura Philips <[email protected]> wrote:

> Hi Mark,
>
> As I have mentioned, I have done the integration with apache-fineract. I have faced the following problems.
> Please see the updated PR at https://github.com/ThisuraThejith/incubator-fineract/pull/2
>
> 1) The task takes more than half an hour at times to complete.
> 2) The result is a set of XML format files. We need to find a way to show the results graphically. That will help the developers to identify the security vulnerabilities easily.
>
> Currently, I have integrated it as a gradle task. Since it takes a lot of time to complete, I didn't include it in the build task.
>
> It would be nice if we can discuss the above improvements and start working on that.
>
> Thanks & Regards
>
> On Wed, May 17, 2017 at 10:54 PM, Mark Reynolds <[email protected]> wrote:
>
>> Thisura,
>>
>> Yes, we can move ahead with the plan.
>>
>> On Mon, May 15, 2017 at 8:11 AM, Ed Cable <[email protected]> wrote:
>>
>> > Mark,
>> >
>> > Can you please review the previous email of Thisura's so he can proceed ahead.
>> >
>> > Ed
>> >
>> > On Sun, May 14, 2017 at 9:47 PM, Thisura Philips <[email protected]> wrote:
>> >
>> >> Hi all,
>> >>
>> >> Shall we move on with the above plan? Any suggestions from the community are highly appreciated.
>> >>
>> >> On Wed, Apr 19, 2017 at 7:00 AM, Thisura Philips <[email protected]> wrote:
>> >>
>> >> > Hi all,
>> >> >
>> >> > I have done a POC for the $ubject at github <https://github.com/ThisuraThejith/incubator-fineract/tree/develop-TOIF> [1]. The change set is shown here <https://github.com/ThisuraThejith/incubator-fineract/pull/1> [2]. Please review this and let me know your ideas to improve the integration. As of now I have done the following things.
>> >> >
>> >> > - Added toif directory into fineract-provider which includes
>> >> >   - report (folder which includes the TOIF reports)
>> >> >   - housekeeping
>> >> >   - toifscan.py
>> >> > - Added two TOIF adapters for Findbugs and JLint
>> >> > - Added gradle task to manually run after gradle build. Later we can add it as a task which will automatically run after build.
>> >> >
>> >> > (Only 6 report files for scanning two classes attached since there are a lot of files after scanning)
>> >> >
>> >> > Going forward, we can do the following improvements.
>> >> >
>> >> > * Move the reports in the report folder (mentioned above) into build/reports/toif.
>> >> > * Run the gradle task "toif", at the end of the build.
>> >> >
>> >> > Please let me know your ideas to improve the integration.
>> >> >
>> >> > [1] https://github.com/ThisuraThejith/incubator-fineract/tree/develop-TOIF
>> >> > [2] https://github.com/ThisuraThejith/incubator-fineract/pull/1
>> >> >
>> >> > Thanks & Regards
>> >> > --
>> >> > T.T.C Philips (BSc.Eng (Undergrad))
>> >> > Computer Science and Engineering,
>> >> > Sri Lanka Institute of Information Technology(SLIIT)
>> >>
>> >> --
>> >> T.T.C Philips (BSc.Eng (Undergrad))
>> >> Computer Science and Engineering,
>> >> Sri Lanka Institute of Information Technology(SLIIT)
>> >
>> > --
>> > *Ed Cable*
>> > President/CEO, Mifos Initiative
>> > [email protected] | Skype: edcable | Mobile: +1.484.477.8649
>> >
>> > *Collectively Creating a World of 3 Billion Maries | *http://mifos.org <http://facebook.com/mifos> <http://www.twitter.com/mifos>
>
> --
> T.T.C Philips (BSc.Eng (Undergrad))
> Computer Science and Engineering,
> Sri Lanka Institute of Information Technology(SLIIT)

--
T.T.C Philips (BSc.Eng (Undergrad))
Computer Science and Engineering,
Sri Lanka Institute of Information Technology(SLIIT)
