Skip main navigation (Press Enter).

TechXchange Training Community Credentials Events Conference

TechXchange Training Community Credentials Events Conference

Open Source Development

Power Open Source Development

Explore the open source tools and capabilities for building and deploying modern applications on IBM Power platforms including AIX, IBM i, and Linux.

View Only

Back to discussions

Expand all | Collapse all

Open Source Vulnerability and Dependency Code Scans

Erich WolzFri November 04, 2022 10:02 AM

ITSS requires (among other things) open-source vulnerability and dependency code scans using one of the ...

Stephen UlmerSun November 06, 2022 08:55 AM

Just so you know, that CISO link is only available to IBM employees. -- Stephen L. Ulmer ...

1. Open Source Vulnerability and Dependency Code Scans

Like
Erich Wolz
Posted Fri November 04, 2022 10:02 AM

Reply
ITSS requires (among other things) open-source vulnerability and dependency code scans using one of the CISO-approved scanning tools (see https://pages.github.ibm.com/ciso-psg/main/standards/itss.html).

Is this being done for the Toolbox rpm's (https://www.ibm.com/support/pages/aix-toolbox-open-source-software-overview doesn't say one way or the other)? If so, what scanning tool is being used?

------------------------------
Erich Wolz
------------------------------

#AIXOpenSource
2. RE: Open Source Vulnerability and Dependency Code Scans

Like
Stephen Ulmer

IBM Champion
Posted Sun November 06, 2022 08:55 AM

Reply
Just so you know, that CISO link is only available to IBM employees.

--

Stephen L. Ulmer

Enterprise Architect

Mainline Information Systems

Original Message

Additional
Resources

Discover these carefully selected resources to dive deeper into your journey and unlock fresh insights

Office

If you need immediate assistance please contact the Community Management team

support@communitysite.ibm.com

Monday - Friday: 8AM - 5 PM MT

Powered by Higher Logic

Global message icon