gardener-attic / gardenctl

Command-line client for the Gardener.

Static code analysis #524

Closed hoeltcl closed 2 years ago

hoeltcl commented 3 years ago

Gardener informs its stakeholders in its CNCF CII Badge that static code checks are applied by using Checkmarx. This repository has findings, which have to be assessed by the component owner(s). As required, all prio high findings have already been assessed immediately. Please find the maximum processing times until when to assess the remaining prio medium findings in the SAP Security Response Team's Wiki (restricted access). At the time being you can ignore the prio low findings. Please find background information and a link to the Checkmarx project for your repository in the Wiki (restricted access). In the Wiki (restricted access) you will also find information on how to get a Checkmarx user, which is required to be able to do your assessment in the Checkmarx Web UI.

hoeltcl commented 2 years ago

Resolved