Guide on Code Security Scanning

NASA-AMMOS / slim

Software Lifecycle Improvement & Modernization

https://nasa-ammos.github.io/slim/

Apache License 2.0

24 stars 9 forks source link

Guide on Code Security Scanning #148

Open ingyhere opened 3 months ago

ingyhere commented 3 months ago

Purpose

Add new security scanning guide focused on the NASA SCRUB tool
Proposed Changes
[ADD] README contents
Issues
25

Testing
Locally tested with sample repository: full scan, pre-commit hook
See rendered guide here: https://github.com/NASA-AMMOS/slim/tree/issue_25/docs/guides/software-lifecycle/security/security-scanning

riverma commented 3 months ago

@ingyhere - just a note, adding labels for the type of SLIM best practice category each PR applies to (i.e. governance, software lifecycle, information sharing) helps to make future release notes more readable. See information about categories here.

Also - adding the SLIM Project Board in the PR right hand menu, and tagging the status as well as the iteration helps people understand the time line for the PR.

ingyhere commented 2 months ago

@ingyhere - just a note, adding labels for the type of SLIM best practice category each PR applies ...

Also - adding the SLIM Project Board in the PR right hand menu, and tagging the status ...

Done

nutjob4life commented 1 month ago

@jpl-jengelke, ~~quick favor: when this moves out of "draft" state, could you ping me @nutjob4life? I tend to mute draft PRS both logically and mentally 😇~~ Nevermind, I saw it go out of draft "live" during the tag-up meeting on 2024-05-02

ingyhere commented 3 weeks ago

Superbly written guide with a great cadence and feel as well as utility. Should make SCRUB a much easier pill to swallow. Bravo! 🎉

Unfortunately as things go ... I see some areas for improvement. But I will make changes and ask for re-review.

NASA-AMMOS / slim

Guide on Code Security Scanning #148

Purpose

Proposed Changes

Issues

25

Testing