FlowFuse / flowfuse

Connect, collect, transform, visualise, and interact with your Industrial Data in a single platform. Use FlowFuse to manage, scale and secure your Node-RED solutions.
https://flowfuse.com
Other
283 stars 64 forks

Implementation of Automated Scanning for Certified NPM Packages #2971

Closed MarianRaphael closed 10 months ago

MarianRaphael commented 1 year ago

Background

As part of our commitment to offering secure and reliable services, our company provides customers with certified nodes, ensuring that they are safe and free from harmful elements. These nodes, initially checked manually using resources like Sandworm audits and njsscan via FlowFuse's certified-nr-nodes, require regular reviews due to the ever-evolving threat landscape and frequent package updates.

Task

Develop a system that automates the scanning of these NPM packages, shifting from our previous manual approach to a more efficient and consistent automated routine. This system would need to integrate tools like Sandworm and njsscan, perform scans on a predetermined schedule (weekly), and flag any potential issues for immediate review.

Alternative Approach: Utilizing GitHub for Vulnerability Scanning of Cloned NPM Packages

Instead of building and maintaining a custom solution, we clone all certified NPM packages into one GitHub repository. GitHub offers automated security scanning features, which we can use to our advantage. The challenge here is to keep everything up to date.
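The scheduled scan described in the Task section, sketched as an added example (this is illustrative code written for this issue, not FlowFuse's certified-nr-nodes tooling). It assumes the `npm` and `njsscan` CLIs are on PATH, uses constructed placeholder package names rather than the real certified list, and assumes the JSON output shapes noted in the comments for `npm audit --json` (npm 7+) and `njsscan --json`; Sandworm is left out because its output format is not described here. The two `triage_*` functions hold the flagging rule and run offline; `scan_package` is the part a weekly job (cron, GitHub Actions schedule) would invoke.

```python
"""Weekly-style scan orchestrator for a list of certified npm packages.
Illustrative code added alongside this issue; not FlowFuse project code.
Assumes `npm` and `njsscan` are installed and assumes the JSON shapes
documented in triage_audit / triage_njsscan."""
import json
import subprocess
import tempfile
from pathlib import Path

# Constructed placeholder names; the real certified list would be loaded from config.
CERTIFIED_PACKAGES = ["example-contrib-node-a", "example-contrib-node-b"]

# Severities at or above which a finding is flagged for human review.
AUDIT_FLAG_LEVELS = {"moderate", "high", "critical"}
NJSSCAN_FLAG_LEVELS = {"WARNING", "ERROR"}


def triage_audit(audit_report: dict) -> list:
    """Return flagged entries from `npm audit --json` output.
    Assumed shape (npm 7+): {"vulnerabilities": {name: {"severity": ..., "via": [...]}}}."""
    flagged = []
    for name, info in audit_report.get("vulnerabilities", {}).items():
        sev = str(info.get("severity", "")).lower()
        if sev in AUDIT_FLAG_LEVELS:
            # `via` mixes strings (pointers to other vulnerable deps) and dicts (advisories)
            titles = [v.get("title", "") for v in info.get("via", []) if isinstance(v, dict)]
            flagged.append({"tool": "npm-audit", "package": name, "severity": sev, "details": titles})
    return flagged


def triage_njsscan(report: dict) -> list:
    """Return flagged findings from `njsscan --json` output.
    Assumed shape: {"nodejs": {rule_id: {"files": [{"file_path": ...}], "metadata": {"severity": ...}}}}."""
    flagged = []
    for rule_id, result in report.get("nodejs", {}).items():
        sev = str(result.get("metadata", {}).get("severity", "")).upper()
        if sev in NJSSCAN_FLAG_LEVELS:
            files = sorted({f.get("file_path", "?") for f in result.get("files", [])})
            flagged.append({"tool": "njsscan", "rule": rule_id, "severity": sev, "files": files})
    return flagged


def scan_package(name: str) -> list:
    """Install one package into a scratch dir and run both scanners (needs network and the CLIs)."""
    with tempfile.TemporaryDirectory() as tmp:
        subprocess.run(["npm", "init", "-y"], cwd=tmp, check=True, capture_output=True)
        # --ignore-scripts: never let a package under review execute install hooks on the scanner host
        subprocess.run(["npm", "install", "--ignore-scripts", name], cwd=tmp, check=True, capture_output=True)
        # npm audit exits non-zero when vulnerabilities exist, so no check=True here
        audit = subprocess.run(["npm", "audit", "--json"], cwd=tmp, capture_output=True, text=True)
        audit_report = json.loads(audit.stdout or "{}")
        out = Path(tmp) / "njsscan.json"
        target = Path(tmp) / "node_modules" / name
        # njsscan also uses a non-zero exit status to signal findings
        subprocess.run(["njsscan", "--json", "-o", str(out), str(target)], capture_output=True)
        njs_report = json.loads(out.read_text()) if out.exists() else {}
    return triage_audit(audit_report) + triage_njsscan(njs_report)


def run_all(packages) -> dict:
    """Scan every package and map its name to the list of flagged findings (empty = clean)."""
    return {p: scan_package(p) for p in packages}


if __name__ == "__main__":
    for pkg, findings in run_all(CERTIFIED_PACKAGES).items():
        print(f"{pkg}: {'FLAGGED' if findings else 'clean'}")
        for finding in findings:
            print("  ", json.dumps(finding))
```

The thresholds are deliberately separate constants so the review policy (what counts as "flag for immediate review") can be tuned without touching the scan plumbing, and installing with `--ignore-scripts` keeps the scanner host from running a package's lifecycle hooks before it has been reviewed.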

MarianRaphael commented 1 year ago

-