https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=35984
Bug ID: 35984
Summary: automated static code analysis should include security tests
Change sponsored?: ---
Product: Koha
Version: unspecified
Hardware: All
OS: All
Status: NEW
Severity: normal
Priority: P5 - low
Component: Architecture, internals, and plumbing
Assignee: [email protected]
Reporter: [email protected]
QA Contact: [email protected]
A few libraries have asked recently if, prior to production/during the
development lifecycle, automated source code analysis tools are used to test
for security flaws specifically. Typically these questions are in relation to
processes like renewing cybersecurity insurance or initial discovery by a
potential partner library's security/IT department.
Perlcritic seems to be currently used, but as far as I can tell it appears the
tests are for enforcing the coding standard.
Using an automated tool to look for security flaws will be a beneficial
addition to the project, so I'd like to at least start the discussion here.
OWASP has an informational page for further reading:
https://owasp.org/www-community/controls/Static_Code_Analysis
_______________________________________________
Koha-bugs mailing list
[email protected]
https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs
website : http://www.koha-community.org/
git : http://git.koha-community.org/
bugs : http://bugs.koha-community.org/
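To make the distinction in the report concrete (style enforcement versus looking for security flaws), here is an added example of the kind of check a security-oriented analyser runs over Perl source. It is not Koha code and not a Perl::Critic policy; it is a stand-alone Python script with hand-written regular expressions for a handful of classic Perl injection sinks (shell via `system`/`exec`/backticks, two-argument `open`, string `eval`, SQL built by interpolation and handed to DBI). The Perl snippet it scans is constructed for the example, and the rule set, rule names and line-oriented heuristics are assumptions of this illustration, not a description of any existing tool.

```python
"""Added example (not Koha's code): a minimal security-focused static checker
for Perl source, to contrast with style-only linting.  Rules are line-based
regular expressions, which is a heuristic, not a parse of the program."""
from __future__ import annotations

import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    line: int
    rule: str
    message: str


# Assumption: a Perl variable starts with $ or @ followed by an identifier or {.
_VAR = r"[\$@][A-Za-z_{]"

# (rule name, pattern, message) -- names and patterns are this example's own.
RULES = [
    ("shell-injection",
     re.compile(r'\b(?:system|exec)\s*\(?\s*"[^"\n]*' + _VAR),
     "system/exec given one interpolated string; pass a list so no shell is involved"),
    ("backtick-injection",
     re.compile(r"`[^`\n]*" + _VAR + r"[^`\n]*`"),
     "variable interpolated into backticks is run through the shell"),
    ("two-arg-open",
     re.compile(r'\bopen\s*\(?\s*(?:my\s+)?\$?\w+\s*,\s*(?:\$\w+|"[^"\n]*")\s*\)?\s*(?:or\b|\|\||;)'),
     "two-argument open(); a name starting with '|' or '>' changes the mode, use the three-argument form"),
    ("stringy-eval",
     re.compile(r'\beval\s*\(?\s*(?:\$\w+|"[^"\n]*")'),
     "string eval compiles data as code; use a block eval or a dispatch table"),
    ("sql-injection",
     re.compile(r'->(?:prepare|do)\s*\(\s*"[^"\n]*' + _VAR),
     "variable interpolated into SQL; use placeholders and bind values"),
]


def scan(source: str) -> list[Finding]:
    """Return one Finding per (line, rule) that matches; comment-only lines are skipped."""
    findings: list[Finding] = []
    for lineno, line in enumerate(source.splitlines(), start=1):
        if line.lstrip().startswith("#"):
            continue
        for rule, pattern, message in RULES:
            if pattern.search(line):
                findings.append(Finding(lineno, rule, message))
    return findings


# Constructed sample: each risky line is paired with the safe form a reviewer
# would ask for, so the checker must flag the first and stay quiet on the second.
SAMPLE_PERL = """\
use strict;
my ($dbh, $file, $cmd, $id) = @_;
system("convert $file /tmp/out.png");
system("convert", $file, "/tmp/out.png");
my $out = `ls -l $file`;
open(my $fh, $file) or die "cannot open: $!";
open(my $fh2, '<', $file) or die "cannot open: $!";
eval $cmd;
eval { risky() };
$dbh->do("DELETE FROM borrowers WHERE borrowernumber = $id");
my $sth = $dbh->prepare("SELECT * FROM borrowers WHERE borrowernumber = ?");
"""


if __name__ == "__main__":
    for f in scan(SAMPLE_PERL):
        print(f"{f.line}: [{f.rule}] {f.message}")
```

Running it reports lines 3, 5, 6, 8 and 10 and nothing for the safe variants beside them. A production check would not be written this way: regular expressions cannot see across lines or through string concatenation, so the idiomatic home for checks like these in a Perl project is a Perl::Critic policy built on PPI, and Perl::Critic already tags some of its stock policies with a `security` theme (`perlcritic --theme security`), which is a cheap first step before discussing anything heavier.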