htrgouvea / fuzzpm Goto Github PK

It is necessary to add ZARN (github.com/htrgouvea/zarn) as a SAST resource to check for security issues in all codes that are inserted into this repository.

Ideally, this is a step that you execute with each new PR.

The integration of unit testing is not merely a best practice but a crucial step toward ensuring the reliability and resilience of our codebase. By conducting targeted tests on individual components, we fortify our project against bugs, elevate code stability, and lay the foundation for seamless collaboration.

Unit testing offers early bug detection, instills confidence during refactoring, and serves as living documentation for our code. In our context, it translates to enhanced code quality, improved collaboration, and accelerated development.

To kickstart this process, let's identify critical components, select a fitting testing framework, craft comprehensive test cases, and seamlessly integrate tests into our CI/CD pipeline.

The idea here is to use FuzzPM itself to fuzz the dependencies of:

https://github.com/htrgouvea/spellbook
https://github.com/htrgouvea/nozaki
https://github.com/htrgouvea/nipe
https://github.com/htrgouvea/fuzzpm
https://github.com/htrgouvea/harpoon
https://github.com/htrgouvea/zarn

The objective is to implement a continuous process, perhaps using Github Actions so that this fuzzing process tries to find bugs in the dependencies and thus help increase the security maturity of each of the projects.

Using an SCA (Software Composition Analysis) is super important for code integrity and application security. There is no SCA present in this repository yet, so I am opening this issue to plan this activity.

Reference: https://owasp.org/www-community/Component_Analysis