
Security vulnerabilities responsible disclosure

Read the FINOS security vulnerabilities responsible disclosure document to learn how security incidents are managed across FINOS projects.


To assess the Security, Quality and Legal compliance (/wiki/spaces/FINOS/pages/75530375) of software hosted by the Foundation, project leads and committers can configure integrations with third-party systems provided by the Foundation. The results of these checks can be published in the project's documentation to improve the experience of the final consumer and when /wiki/spaces/FINOS/pages/75530376.

Below is a matrix of the code validation systems currently available, by feature (legal compliance, security, quality) and supported language. An empty cell means no tool is currently listed for that feature and language.


| Feature | C# | Clojure | Java | Javascript | Python |
|---|---|---|---|---|---|
| Legal compliance | | | | | |
| Check libraries for problematic/undefined licenses | WhiteSource | WhiteSource | WhiteSource | WhiteSource | WhiteSource |
| Generates legal reports | WhiteSource | WhiteSource | WhiteSource | WhiteSource | WhiteSource |
| Security | | | | | |
| Scans code for security vulnerabilities | CoverityScan, SonarCloud | CodeClimate | CoverityScan, SonarCloud | CodeClimate, NodeSecurity | SonarCloud |
| Check libraries for security vulnerabilities | WhiteSource | WhiteSource | WhiteSource | WhiteSource, /wiki/spaces/FDX/pages/75530297 | WhiteSource |
| Quality | | | | | |
| Measures test coverage | SonarCloud | CodeClimate | SonarCloud | CodeClimate | SonarCloud |
| Check libraries for bugs | WhiteSource | WhiteSource | WhiteSource | WhiteSource, /wiki/spaces/FDX/pages/75530297 | WhiteSource |
| Check libraries for outdated versions | WhiteSource | WhiteSource | WhiteSource | WhiteSource, /wiki/spaces/FDX/pages/75530297 | WhiteSource |
| Check unused libraries | | | | /wiki/spaces/FDX/pages/75530297 | |
| Check libraries for release activity | WhiteSource | WhiteSource | WhiteSource | WhiteSource | WhiteSource |
| Scans code for hacks and todos | | | | /wiki/spaces/FDX/pages/75530297 | |
| Scans code for bad practices | CoverityScan | CodeClimate | CoverityScan | CodeClimate | |
| Scans code for bugs | CoverityScan | | CoverityScan | | |

Below is the list of validation tools currently documented by the Foundation.
