Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 24 Next »

Security vulnerabilities responsible disclosure

Read the FINOS security vulnerabilities responsible disclosure document to know how security incidents are managed across FINOS projects. Use WhiteSource to configure your FINOS project for automated scanning.


In order to assess SecurityQuality and /wiki/spaces/FINOS/pages/75530375 of software hosted by the Foundation, project leads and committers can configure integrations with third-party systems that are provided by the Foundation; the result of these processes can be published in the project's documentation to improve the final consumer experience and when /wiki/spaces/FINOS/pages/75530376.

Below is the list of code validation systems currently available, ordered by features and languages supported.

Generating page properties report...


Below is a matrix of features and languages.


C#ClojureJavaJavascriptPython
Legal compliance
Check libraries for problematic/undefined licensesWhiteSourceWhiteSourceWhiteSourceWhiteSourceWhiteSource
Generates legal reportsWhiteSourceWhiteSourceWhiteSourceWhiteSourceWhiteSource
Security
Scans code for security vulnerabilitiesCoverityScanSonarCloud 
CodeClimateCoverityScan, SonarCloudCodeClimate, NodeSecuritySonarCloud
Check libraries for security vulnerabilitiesWhiteSourceWhiteSourceWhiteSourceWhiteSource, /wiki/spaces/FDX/pages/75530297WhiteSource
Quality
Measures test coverageSonarCloud
CodeClimateSonarCloudCodeClimateSonarCloud
Check libraries for bugsWhiteSourceWhiteSourceWhiteSourceWhiteSource/wiki/spaces/FDX/pages/75530297WhiteSource
Check libraries for outdated versionsWhiteSourceWhiteSourceWhiteSourceWhiteSource/wiki/spaces/FDX/pages/75530297WhiteSource
Check unused libraries


/wiki/spaces/FDX/pages/75530297
Check libraries for release activityWhiteSourceWhiteSourceWhiteSourceWhiteSourceWhiteSource
Scans code for hacks and todos


/wiki/spaces/FDX/pages/75530297
Scans code for bad practicesCoverityScan
CodeClimateCoverityScanCodeClimate
Scans code for bugsCoverityScan
CoverityScan

Below is the list of validation tools currently documented by the Foundation.


  • No labels

Need help? Email help@finos.org we'll get back to you.

Content on this page is licensed under the CC BY 4.0 license.
Code on this page is licensed under the Apache 2.0 license.