[Koha-bugs] [Bug 35984] New: automated static code analysis should include security tests
bugzilla-daemon at bugs.koha-community.org
Fri Feb 2 01:12:49 CET 2024
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=35984
Bug ID: 35984
Summary: automated static code analysis should include security tests
Change sponsored?: ---
Product: Koha
Version: unspecified
Hardware: All
OS: All
Status: NEW
Severity: normal
Priority: P5 - low
Component: Architecture, internals, and plumbing
Assignee: koha-bugs at lists.koha-community.org
Reporter: evelyn at bywatersolutions.com
QA Contact: testopia at bugs.koha-community.org
A few libraries have asked recently if, prior to production/during the
development lifecycle, automated source code analysis tools are used to test
for security flaws specifically. Typically these questions are in relation to
processes like renewing cybersecurity insurance or initial discovery by a
potential partner library's security/IT department.
Perlcritic seems to be currently used, but as far as I can tell it appears the
tests are for enforcing the coding standard.
Using an automated tool to look for security flaws will be a beneficial
addition to the project, so I'd like to at least start the discussion here.
OWASP has an informational page for further reading:
https://owasp.org/www-community/controls/Static_Code_Analysis
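As an added illustration, not part of the bug report and not Koha's own configuration: the profile below shows what it looks like to point Perl::Critic at security-relevant checks rather than at the coding standard. Every policy named is a real core Perl::Critic policy; the file name, the selection and the severities are assumptions of this example. It is meant as a starting point for the discussion, not as the "automated tool to look for security flaws" the report asks for.

```ini
# Hypothetical security-focused Perl::Critic profile (added example, not Koha's own).
# Run with:  perlcritic --profile security.perlcriticrc path/to/source
# 'only = 1' restricts the run to the policies listed below, so style-only
# findings do not drown out the security-relevant ones.
only     = 1
severity = 1

# Code injection: eval of a string assembled at runtime.
[BuiltinFunctions::ProhibitStringyEval]
severity = 5

# Command injection: backticks interpolate variables straight into a shell.
[InputOutput::ProhibitBacktickOperators]
severity = 5

# Two-argument open lets a filename beginning with '>' or '|' change the
# open mode or spawn a process; require the three-argument form.
[InputOutput::ProhibitTwoArgOpen]
severity = 5

# Bareword filehandles are package globals that other code can clobber.
[InputOutput::ProhibitBarewordFileHandles]
severity = 4

# Without strict/warnings, symbolic references and silent failures go unnoticed.
[TestingAndDebugging::RequireUseStrict]
severity = 5
[TestingAndDebugging::RequireUseWarnings]
severity = 4

# Unchecked open/close turn an early failure into wrong behaviour later on.
[InputOutput::RequireCheckedOpen]
severity = 3
[InputOutput::RequireCheckedClose]
severity = 3
```

These policies match syntactic patterns only: they flag a stringy `eval` or a backtick call, but cannot follow user input through a `DBI` query, a template or a system call. That gap is exactly why the report argues for a dedicated security-oriented static analysis tool alongside the existing coding-standard checks.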