-
Static Code Analysis tools should be part of the CI workflow. Since this project isn't built in a CI workflow (due to sporadic enhancements), it should ideally be part of the mvn package step.
-
SAST
Veracode SCA Scan
Veracode IAC Scan
-
ssh
-
```
devguard-scanner/main.go:548 software composition analysis failed err="could not parse hexPrivKey\ncould not sign request\nmain.init.0.func2.scaCommandFactory.1\n\t/app/cmd/devguard-scanner/main.…
```
-
| Component | Action type | Main Issue
| --- | --- | ---
| SCA | Create |
This SCA will replace the default UNIX SCA that is currently being used.
## Main tasks
- [ ] Use…
-
C++ is a complex beast, and there are a number of static code analysis (SCA) tools which aim to help developers tame this complexity. The tools are best run as part of the build, _but_ they can be slow…
-
# Description
| Issue | Branch
|---|---|
| https://github.com/wazuh/wazuh/issues/23194 | https://github.com/wazuh/wazuh/tree/enhancement/23194-create-sca-policy-for-ubuntu-24-04-lts
@wazuh/devel…
-
/kind feature
**Describe the solution you'd like**
After a brief review of the vulnerabilities in an SCA scan, I'm curious if SCA scanning takes place for this repo? Using one SCA tool, 16 critica…
-
When going through the [quickstart guide](https://microsoft.github.io/sca-fuzzer/quick-start/#baseline-experiment), I run the following commands:
```bash
python3.9 -m pip install virtualenv
python3.9…
```
-