Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Requirement: Static source code analysis daily or per commit #985

Closed
UlisesGascon opened this issue May 12, 2023 · 4 comments
Closed

Requirement: Static source code analysis daily or per commit #985

UlisesGascon opened this issue May 12, 2023 · 4 comments
Labels
CII-best-practices discussion

Comments

@UlisesGascon
Copy link
Member

Original discussion: https://github.com/nodejs/security-wg/pull/954/files#r1167970826 @mhdawson @tniessen

It is SUGGESTED that static source code analysis occur on every commit or at least daily.

Currently this requirement is UNMET
@UlisesGascon UlisesGascon mentioned this issue May 12, 2023
Merged
@tniessen
Copy link
Member

Coverity is supposed to be updated at least daily. However, it currently says that the last build was a month ago. I am still unclear as to how we submit build requests, cc @nodejs/build.

@UlisesGascon UlisesGascon mentioned this issue May 12, 2023
Open
@richardlau
Copy link
Member

Coverity is supposed to be updated at least daily. However, it currently says that the last build was a month ago. I am still unclear as to how we submit build requests, cc @nodejs/build.

node-daily-coverity runs the scanning tool daily and submits the results to Coverity. The uploads are being rejected: nodejs/build#3343

@mhdawson
Copy link
Member

I think the requirement is met, we just need to get coverity going again.

UlisesGascon added a commit to UlisesGascon/security-wg that referenced this issue May 17, 2023
@UlisesGascon
docs: static source code analysis is a met criteria
ac1e6c7 
As discussed in nodejs#985
@UlisesGascon
Copy link
Member Author

Thanks for the additional information. I updated the PR in ac1e6c7 👍

@mhdawson mhdawson mentioned this issue May 22, 2023
Closed
@mhdawson mhdawson mentioned this issue Jun 5, 2023
Closed
RafaelGSS added a commit that referenced this issue Jun 8, 2023
@UlisesGascon @marco-ippolito
@tniessen @RafaelGSS
CII-Best-Practices for Nodejs: Entry level (#954)
a55ed1d 
* feat: copied passing criterial Questions and Answers

* fix: updated link

See: https://github.com/nodejs/security-wg/pull/954/files#r1179648034

* docs: static source code analysis is a met criteria

As discussed in #985

* Update tools/ossf_best_practices/passing_criteria.md

* Update tools/ossf_best_practices/passing_criteria.md

* Update tools/ossf_best_practices/passing_criteria.md

* Update tools/ossf_best_practices/passing_criteria.md

Co-authored-by: Tobias Nießen <tniessen@tnie.de>

* Update tools/ossf_best_practices/passing_criteria.md

Co-authored-by: Marco Ippolito <marcoippolito54@gmail.com>

* Update tools/ossf_best_practices/passing_criteria.md

Co-authored-by: Rafael Gonzaga <rafael.nunu@hotmail.com>

* Update tools/ossf_best_practices/passing_criteria.md

---------

Co-authored-by: Marco Ippolito <marcoippolito54@gmail.com>
Co-authored-by: Tobias Nießen <tniessen@tnie.de>
Co-authored-by: Rafael Gonzaga <rafael.nunu@hotmail.com>
patrickm68 added a commit to patrickm68/security-wg-process that referenced this issue Sep 14, 2023
@patrickm68 @marco-ippolito
@tniessen @RafaelGSS
CII-Best-Practices for Nodejs: Entry level (#954)
38c00af 
* feat: copied passing criterial Questions and Answers

* fix: updated link

See: https://github.com/nodejs/security-wg/pull/954/files#r1179648034

* docs: static source code analysis is a met criteria

As discussed in nodejs/security-wg#985

* Update tools/ossf_best_practices/passing_criteria.md

* Update tools/ossf_best_practices/passing_criteria.md

* Update tools/ossf_best_practices/passing_criteria.md

* Update tools/ossf_best_practices/passing_criteria.md

Co-authored-by: Tobias Nießen <tniessen@tnie.de>

* Update tools/ossf_best_practices/passing_criteria.md

Co-authored-by: Marco Ippolito <marcoippolito54@gmail.com>

* Update tools/ossf_best_practices/passing_criteria.md

Co-authored-by: Rafael Gonzaga <rafael.nunu@hotmail.com>

* Update tools/ossf_best_practices/passing_criteria.md

---------

Co-authored-by: Marco Ippolito <marcoippolito54@gmail.com>
Co-authored-by: Tobias Nießen <tniessen@tnie.de>
Co-authored-by: Rafael Gonzaga <rafael.nunu@hotmail.com>
mattstern31 added a commit to mattstern31/security-wg-process that referenced this issue Nov 11, 2023
@mattstern31 @marco-ippolito
@tniessen @RafaelGSS
CII-Best-Practices for Nodejs: Entry level (#954)
6ae3d25 
* feat: copied passing criterial Questions and Answers

* fix: updated link

See: https://github.com/nodejs/security-wg/pull/954/files#r1179648034

* docs: static source code analysis is a met criteria

As discussed in nodejs/security-wg#985

* Update tools/ossf_best_practices/passing_criteria.md

* Update tools/ossf_best_practices/passing_criteria.md

* Update tools/ossf_best_practices/passing_criteria.md

* Update tools/ossf_best_practices/passing_criteria.md

Co-authored-by: Tobias Nießen <tniessen@tnie.de>

* Update tools/ossf_best_practices/passing_criteria.md

Co-authored-by: Marco Ippolito <marcoippolito54@gmail.com>

* Update tools/ossf_best_practices/passing_criteria.md

Co-authored-by: Rafael Gonzaga <rafael.nunu@hotmail.com>

* Update tools/ossf_best_practices/passing_criteria.md

---------

Co-authored-by: Marco Ippolito <marcoippolito54@gmail.com>
Co-authored-by: Tobias Nießen <tniessen@tnie.de>
Co-authored-by: Rafael Gonzaga <rafael.nunu@hotmail.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
CII-best-practices discussion
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
5 participants
@tniessen @UlisesGascon @richardlau @mhdawson @RafaelGSS