Requirement: Static source code analysis daily or per commit #985

Closed
UlisesGascon opened this issue May 12, 2023 · 4 comments

@UlisesGascon
Member

Original discussion: https://github.com/nodejs/security-wg/pull/954/files#r1167970826 @mhdawson @tniessen

It is SUGGESTED that static source code analysis occur on every commit or at least daily.

Currently this requirement is UNMET

@tniessen
Member

Coverity is supposed to be updated at least daily. However, it currently says that the last build was a month ago. I am still unclear as to how we submit build requests, cc @nodejs/build.

@richardlau
Member

> Coverity is supposed to be updated at least daily. However, it currently says that the last build was a month ago. I am still unclear as to how we submit build requests, cc @nodejs/build.

node-daily-coverity runs the scanning tool daily and submits the results to Coverity. The uploads are being rejected: nodejs/build#3343

@mhdawson
Member

I think the requirement is met; we just need to get Coverity going again.

UlisesGascon added a commit to UlisesGascon/security-wg that referenced this issue May 17, 2023
@UlisesGascon
Member Author

Thanks for the additional information. I updated the PR in ac1e6c7 👍

RafaelGSS added a commit that referenced this issue Jun 8, 2023
* feat: copied passing criteria Questions and Answers

* fix: updated link

See: https://github.com/nodejs/security-wg/pull/954/files#r1179648034

* docs: static source code analysis is a met criteria

As discussed in #985

* Update tools/ossf_best_practices/passing_criteria.md

* Update tools/ossf_best_practices/passing_criteria.md

* Update tools/ossf_best_practices/passing_criteria.md

* Update tools/ossf_best_practices/passing_criteria.md

Co-authored-by: Tobias Nießen <tniessen@tnie.de>

* Update tools/ossf_best_practices/passing_criteria.md

Co-authored-by: Marco Ippolito <marcoippolito54@gmail.com>

* Update tools/ossf_best_practices/passing_criteria.md

Co-authored-by: Rafael Gonzaga <rafael.nunu@hotmail.com>

* Update tools/ossf_best_practices/passing_criteria.md

---------

Co-authored-by: Marco Ippolito <marcoippolito54@gmail.com>
Co-authored-by: Tobias Nießen <tniessen@tnie.de>
Co-authored-by: Rafael Gonzaga <rafael.nunu@hotmail.com>
patrickm68 added a commit to patrickm68/security-wg-process that referenced this issue Sep 14, 2023
mattstern31 added a commit to mattstern31/security-wg-process that referenced this issue Nov 11, 2023