OpenMAMA is an open source project that provides a high performance middleware agnostic messaging API that interfaces with a variety of proprietary and open source message oriented middleware systems.
Hi there,

I've added to this Pull Request a bunch of security scans:

- Docker scan passed, which is great news. We use trivy.dev for scanning, but if you have any other CLI tools you'd like to use instead, feel free to update the action; I'd be happy/curious to see it in action.
- Semgrep (static code analysis) found 239 items, see https://github.com/maoo/OpenMAMA/actions/runs/3496624096/jobs/5854747447 . It's not mandatory nor a blocker to solve them all, though I personally like Semgrep as it keeps my code cleaner. It's also very easy to ignore a warning, by adding a #nosemgrep comment at the top of the affected line of code, or via the .semgrepignore file. I'll let you decide if and when to enable it.

Additional steps that would greatly improve the security posture of this project:

Eager to hear your thoughts on it, and happy to adjust the aim based on your feedback.
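For readers who want to see what the two scans described in the comment above look like wired into CI, here is an added example workflow. It is not the action from the pull request or any OpenMAMA project file: the workflow name, the local image tag, the Dockerfile location, the Trivy severity filter and the Semgrep rule set are all assumptions chosen for illustration.

```yaml
# Added example workflow (not the one from the pull request).
# Assumes a Dockerfile at the repository root; the image tag is local to the runner.
name: security-scans

on:
  pull_request:
  push:
    branches: [main]

permissions:
  contents: read

jobs:
  trivy:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v3
      - name: Build the image that will be scanned
        run: docker build -t openmama-ci:${{ github.sha }} .
      - name: Scan the image for known CVEs
        uses: aquasecurity/trivy-action@master
        with:
          image-ref: openmama-ci:${{ github.sha }}
          format: table
          exit-code: '1'          # fail the job when findings remain...
          ignore-unfixed: true    # ...but only count CVEs that have an upstream fix
          severity: CRITICAL,HIGH # assumed threshold; lower it once the baseline is clean

  semgrep:
    runs-on: ubuntu-latest
    container:
      image: returntocorp/semgrep
    steps:
      - uses: actions/checkout@v3
      - name: Static analysis
        # p/default is an assumed rule set; it includes C/C++ rules.
        # Remove --error to report findings without failing the job while
        # an existing backlog (like the 239 items mentioned above) is triaged.
        run: semgrep scan --config p/default --error .
```

The Semgrep step honours the two suppression mechanisms the comment mentions: a `.semgrepignore` file at the repository root lists paths to skip (one pattern per line, .gitignore syntax), and a `// nosemgrep` comment on, or directly above, a flagged C line suppresses only that finding. Pinning `aquasecurity/trivy-action` to a tagged release instead of `@master` is the safer choice for a supply-chain-conscious project, but `@master` is what the action's own README shows.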