EDS pipeline - Security Code Scanning

Code Scanner for vulnerability scanning

Issue Link: #139 (comment 376213)

Value

  • Early detection of security vulnerabilities
  • Planning of risk mitigation effort to ensure minimal vulnerability risk
  • Cost savings: fixing a vulnerability is cheaper than dealing with a cyber security breach
  • Continuous vulnerability monitoring of the product

Related to OSDU infoSec requirements

(Recommended, but not required) OSDU’s InfoSec Committee has established processes for securing code developed as part of the OSDU Platform. This includes things like:

  • Pen Testing requirements
  • CI/CD Pipeline security scans

A final determination of alignment is provided by the PMC in order to fulfill this criterion.

Link: README.adoc · main · OSDU Forum / OSDU Subcommittees / Business Model and Outreach / Business Model and Outreach Project Teams / Certification Project Team / Certification Project Team Work Products / Maturity Model · GitLab

Edited May 15, 2025 by Teo Sheng Pu