Comments (3)
Hey @JeanChristopheMorinPerso and @maxnbk, I'm somewhat familiar with Semgrep and CodeQL. I've had some experience with CNCF TAG security during security assessments and came across a few SAST tools they use. I'm planning to dig up some more info on this. Also, @milind-daftari has experience with enterprise-level SAST solutions like Veracode and SonarQube, we planned to do this SAST integration together. I'll hit you up on Slack to chat more about this.
Hi @JeanChristopheMorinPerso, I'm interested in pursuing this topic and working on the SAST implementation. I would like to work on the issue if it is not already taken.
Hi @Rana-KV! Nobody "started" work on this yet. I use quotes because I did start to look into semgrep to get myself more familiar with it. One of my co-maintainers (@maxnbk) also has experience with semgrep.
Do you have experience with it, with CodeQL, or both? Or would you like to suggest another tool instead of these? Feel free to suggest other options and tell us how we could integrate one or multiple SAST tools in our repo!
Also, if you want to have a chat with us about this, please join us on Slack (https://slack.aswf.io, in the #rez channel).
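Since the thread asks how one or more SAST tools could be wired into the repo, here is an added example of a GitHub Actions workflow that runs both Semgrep and CodeQL on a Python code base and publishes the results to GitHub code scanning. It is not code from the rez project or from any participant in the thread. The workflow name, the branch name `main`, the `.semgrep/` directory of repo-local rules, and the choice of the `p/python` registry pack and the `security-extended` CodeQL query suite are assumptions made for illustration.

```yaml
# Added example, not rez's actual configuration. Action names, versions,
# rule packs and the .semgrep/ rules directory are assumptions.
name: sast

on:
  push:
    branches: [main]
  pull_request:

permissions:
  contents: read
  security-events: write   # required to upload SARIF to code scanning

jobs:
  semgrep:
    runs-on: ubuntu-latest
    container:
      image: semgrep/semgrep   # official image; pin to a digest in practice
    steps:
      - uses: actions/checkout@v4
      # Python rules from the Semgrep registry plus repo-local rules kept
      # under .semgrep/ (assumed path). --error fails the job on findings.
      - run: >
          semgrep scan --config p/python --config .semgrep/
          --sarif --output semgrep.sarif --error
      # Upload even when the scan step failed, so findings reach the
      # Security tab instead of being lost with the failed job.
      - uses: github/codeql-action/upload-sarif@v3
        if: always()
        with:
          sarif_file: semgrep.sarif

  codeql:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: github/codeql-action/init@v3
        with:
          languages: python
          queries: security-extended   # wider than the default security suite
      - uses: github/codeql-action/analyze@v3
```

Running the two tools as separate jobs keeps a Semgrep failure from masking CodeQL output and vice versa, and routing both through SARIF upload puts the findings in one place for triage. Naming explicit rule packs rather than `--config auto` also keeps the scan deterministic across runs and avoids the metrics upload that `auto` mode requires.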
Related Issues (20)
- Replace `rez.utils.data_utils.cached_property` with `functools.cached_property`
- TSC Meeting 2024-02-15
- Support virtualenv during installation
- Remove `rez.utils.py23`
- Replace usages of `rez.vendor.enum` with the built-in enum module
- Add `SECURITY.md` (security policy, threat model, etc)
- Improve contributing guidelines
- Implement OpenSSF Scorecard
- Track code coverage
- Refresh "Getting Started" documentation
- Document how to communicate with maintainers and report issues
- Address python warnings
- Sign release artifacts and git tags
- Simplify plugin development by supporting entrypoint based plugins
- Access to package.py path in early bind functions
- Access denied while renaming folder via rez cp from Windows
- Unvendor dependencies
- build usd error
- Modernize data validation