Handle edge cases for BouncyCastle library

IBM / sonar-cryptography

This repository contains a SonarQube Plugin that detects cryptographic assets in source code and generates CBOM.

Apache License 2.0

18 stars 1 forks source link

Open hugoqnc opened 2 weeks ago

hugoqnc commented 2 weeks ago

[ ] Investigate if capturing elliptic curves is possible
[ ] Handle cases where crypto assets have multiple nodes of the same type at the same level (like two digests)
[ ] Handle all static fields
[ ] Better handle enrichment: move all the enriched content currently in translation to enrichment
[ ] Look into missing classes in org.bouncycastle.crypto: is there missing information?