A PR request to enable nightly security scans of Zettle repos using Synopsys tools and ScanCLI. Please merge this PR ASAP.
Background
Performing security scans on all code deployed to production is a vital part of any development workflow. It helps us
prevent security issues from reaching production and reduces the cost of resolving such issues. Synopsys tools (BlackDuck
and Coverity) were chosen by PayPal for use in all BUs when performing Static Application Security Testing (SAST) and
Open-Source Security scanning (OSS). This PR implements the first step of the integration, nightly scans. Other, more
involved integrations (e.g. PR scanning) will be implemented later on.
Changes
- This PR will add a new GitHub action to each repo. The action will run nightly.
- No other changes are made to any files within the repo.
Disruptions
The proposed change is simple in nature and poses little to no risk of disturbing the normal development workflows.
Contact
If any issues arise after merging the PR, please reach out to Ahmed Musaad