In order to secure our application, we need to address this error, which was reported by a Bearer scan.
Acceptance criteria
- [ ] Remove `ruby_rails_password_length` from `bearer.yml` skip-rule
- [ ] Remediate issue where appropriate
- [ ] Add to `bearer.ignore` where it is a false positive
Implementation notes, if any
This stems from Devise configuration for passwords - do we even use database authentication for this application? Can we just remove this entirely? Or is this constrained by CAS, in which case we should put it in the bearer.ignore file?
To create an easily readable HTML report for this error, run `bearer scan . --format html --output bearer_report.html --only-rule ruby_rails_password_length` and open the resulting file in your browser (must be done after removing the rule from the `bearer.yml` file).
What maintenance needs to be done?
Remediate ruby_rails_password_length bearer error