Open skattar1406 opened 6 years ago
➤ Reuben Pasquini commented:
We have a Jenkins server (https://jenkins.planx-pla.net) that is already wired up to receive webhooks from our GitHub repos, so we could add a Jenkinsfile to all of our repos that scans the code for badness. That would let us know after the fact that someone has checked in something they shouldn't have.
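As an added illustration of the approach in that comment (not code from the thread or from the gen3 repos): a declarative Jenkinsfile that builds on every webhook-delivered push and fails the build when the checkout contains text that looks like a committed credential. The patterns, the `--exclude` list and the notification address are assumptions standing in for whatever "badness" the team settles on.

```groovy
// Added example Jenkinsfile; the secret patterns below are constructed
// placeholders, not the project's real policy.
pipeline {
    agent any
    triggers {
        githubPush()   // run on each push the GitHub plugin receives via webhook
    }
    stages {
        stage('Checkout') {
            steps { checkout scm }
        }
        stage('Scan for committed secrets') {
            steps {
                script {
                    // Deliberately small pattern set; a real deployment would
                    // swap in a dedicated secret scanner.
                    def patterns = [
                        'AKIA[0-9A-Z]{16}',                          // AWS access key id shape
                        '-----BEGIN (RSA |EC )?PRIVATE KEY-----',    // PEM private key header
                        '([Pp]assword|[Ss]ecret|[Aa]pi_[Kk]ey)\\s*[:=]\\s*\\S{8,}'
                    ]
                    def hits = []
                    patterns.each { p ->
                        // -e keeps a pattern starting with '-' from being read as an option;
                        // grep exits 1 on no match, so '|| true' turns that into empty output
                        def out = sh(
                            script: "grep -rnE --exclude-dir=.git --exclude=Jenkinsfile -e '${p}' . || true",
                            returnStdout: true
                        ).trim()
                        if (out) { hits << out }
                    }
                    if (hits) {
                        echo hits.join('\n')
                        error 'Possible committed secret found; see scan output above'
                    }
                }
            }
        }
    }
    post {
        failure {
            // After-the-fact notification; requires the Mailer plugin and a
            // placeholder recipient address.
            mail to: 'security-team@example.org',
                 subject: "Secret scan failed: ${env.JOB_NAME} #${env.BUILD_NUMBER}",
                 body: "${env.BUILD_URL}"
        }
    }
}
```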
➤ Reuben Pasquini commented:
We're also already running the 'Codacy' linter on every pull request. It may have some support for flagging security issues: https://support.codacy.com/hc/en-us/articles/115000723329-Security-Dashboard, or we can add our own rules: https://support.codacy.com/hc/en-us/articles/207994335-Code-Patterns
Requirement in the following document: https://uchicago.app.box.com/file/290031139348