pegasystems / react-sdk

The React SDK provides Pega customers with the ability to build DX components that connect Pega’s ConstellationJS Engine APIs with a design system other than the Pega Constellation design system.
https://community.pega.com/marketplace/components/react-sdk
Apache License 2.0
16 stars, 30 forks

Open question - Vulnerability and malware scan? #498

Closed AdityaKulkarni2024 closed 1 month ago

AdityaKulkarni2024 commented 1 month ago

I was wondering, since the repo is available on the public internet and anyone could download and start using it, I just wanted to understand the vulnerability and malware scanning of the code in it. Does Pega have any scanning done already before publishing the code on pegasystems/react-sdk? If yes, what kind of scans are completed?

niallriddell commented 1 month ago

We use Dependabot and Mend scan. Mend scan was originally run when the repo was open-sourced and has now been enabled to run weekly also.

niallriddell commented 1 month ago

Closing this, as consumers of the repository can also run local scans if the above is not enough.