Polar is a secure and scalable knowledge graph framework, designed to address the challenges posed by building big data systems in highly regulated environments, and improve observability for DevSecOps Organizations.
Other · 10 stars · 1 fork
Add Useful Static Analysis tools to a build/test automation script #7
We've done work with SBOM tools, such as Bomber, which may be of interest for the pipeline. Here are some static analysis tools I think we should create an automation script for and run them with a build. A report should be generated and saved. Use the time of the script run in the filename to get a unique filename for a given run. The tests should not fail the build unless the failure is something crucial that we must fix. Suggest starting with separate scripts for each tool, considering their outputs, saving state, and deciding whether or not to fail the build. We can make a single script to run all of the individual tests. For example, the integration script could simply run all of the scripts it finds in a "static-analysis" folder, for example. Some of these tools take some time to build and run, so collect timing measurements for each tool, as well. We can decide later what is an acceptable amount of time to add to the entire build.
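The integration script sketched in the issue, written out as an added example (this is not Polar's own code and nothing in the repository is assumed to exist yet). It runs every executable `*.sh` it finds in a `static-analysis` folder, saves each tool's output under a run-timestamped filename, records wall-clock seconds and exit code per tool in a summary file, and fails the build only for findings a tool marks as crucial. The exit-code convention is an assumption made here, not something the issue specifies: a tool script exits 0 when clean, 2 when it found something that must fail the build, and any other non-zero code for findings that are only reported. The `make_sample_tools` helper writes three constructed stand-in tool scripts so the runner can be tried without installing any real analyzer.

```shell
#!/bin/sh
# Added example, not Polar's own code: integration runner for per-tool
# static-analysis scripts. Assumed convention (not stated in the issue):
# each tool is an executable static-analysis/<tool>.sh that exits 0 when
# clean, 2 for a crucial finding that must fail the build, and any other
# non-zero code for findings that are reported but do not fail the build.

# run_static_analysis <scripts_dir> <reports_dir>
# Runs each tool, saves its output to <reports_dir>/<tool>-<timestamp>.log,
# appends "tool status exit_code seconds" to summary-<timestamp>.tsv, and
# returns 1 only if at least one tool reported a crucial failure.
run_static_analysis() {
    scripts_dir=$1
    reports_dir=$2
    stamp=$(date -u +%Y%m%dT%H%M%SZ)   # run time makes the filenames unique
    LAST_SUMMARY="$reports_dir/summary-$stamp.tsv"
    crucial=0
    mkdir -p "$reports_dir"
    printf 'tool\tstatus\texit_code\tseconds\n' > "$LAST_SUMMARY"
    for script in "$scripts_dir"/*.sh; do
        [ -x "$script" ] || continue   # skips non-executables and an empty glob
        tool=$(basename "$script" .sh)
        log="$reports_dir/$tool-$stamp.log"
        start=$(date +%s)              # second resolution; enough for build timing
        # The if/else keeps a failing tool from aborting the runner under set -e.
        if "$script" > "$log" 2>&1; then rc=0; else rc=$?; fi
        elapsed=$(( $(date +%s) - start ))
        case $rc in
            0) status=pass ;;
            2) status=crucial; crucial=1 ;;   # the only case that fails the build
            *) status=warn ;;                 # reported, build continues
        esac
        printf '%s\t%s\t%s\t%s\n' "$tool" "$status" "$rc" "$elapsed" >> "$LAST_SUMMARY"
    done
    cat "$LAST_SUMMARY"
    return $crucial
}

# make_sample_tools <dir>: writes three constructed stand-in tool scripts
# (not real analyzers) that follow the exit-code convention above.
make_sample_tools() {
    mkdir -p "$1"
    printf '#!/bin/sh\necho "clean"\nexit 0\n' > "$1/lint.sh"
    printf '#!/bin/sh\necho "2 low-severity findings"\nexit 1\n' > "$1/audit.sh"
    printf '#!/bin/sh\necho "hard-coded credential found"\nexit 2\n' > "$1/secrets.sh"
    chmod +x "$1"/*.sh
}

# From the build: ./run-static-analysis.sh [scripts_dir] [reports_dir]
# The guard on $0 keeps this from executing when the file is sourced under
# another name (for instance to call make_sample_tools first).
case "$0" in
    */run-static-analysis.sh|run-static-analysis.sh)
        run_static_analysis "${1:-static-analysis}" "${2:-reports}" ;;
esac
```

Keeping the pass/warn/crucial decision inside each tool's own script matches the issue's plan of one script per tool: the runner never has to parse a tool's output format, and the summary file gives the per-tool timings needed to decide later how much time the whole suite may add to the build.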