App Connect


CICD pipeline (GitLab) security scanners for ACE/ESQL

  • 1.  CICD pipeline (GitLab) security scanners for ACE/ESQL

    IBM Champion
    Posted Mon December 11, 2023 06:49 AM

    Hi all,

    Does anyone know of (or, even better, has used) any automated security scanners for ACE applications and libraries (apart from Java and secrets scanning)?

    I am setting up a full CI/CD pipeline for ACE between GitLab and OpenShift. I'm looking for any useful security scanners that we can implement.



    ------------------------------
    Regards
    Matthias Blomme
    ------------------------------


  • 2.  RE: CICD pipeline (GitLab) security scanners for ACE/ESQL

    Posted Mon December 11, 2023 07:52 AM
    Hi Matthias,

    We have a tool for scanning ACE/IIB/WMB code for security issues / violations.


    I won't list all the checks that it performs here, but here are some of the newest rules:

    https://bettercodingtools.com/r484-file-read-or-write-directory-could-be-manipulated-wmb/

    https://bettercodingtools.com/r483-requests-should-use-https-instead-of-http-wmb/

    https://bettercodingtools.com/r475-iib-trace-node-pattern-contains-a-secret-wmb/

    https://bettercodingtools.com/r457-mqttpublish-nodes-should-use-ssl-wmb/


    It depends on having SonarQube running. It will produce a SARIF report which you can import into GitLab.

    https://gitlab.com/better-coding-tools/bct-ace-ant-gitlab/-/blob/master/.gitlab-ci.yml?ref_type=heads



    Regards

    Richard


    --
    Richard Huegill
    Better Coding Tools
    IT Delivery Manager

    e: richard@bettercodingtools.com
    w: bettercodingtools.com
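To make concrete what "a scanner that produces a SARIF report you can import into GitLab" looks like, here is an added example of a minimal rule-based scanner for ACE artefacts. It is illustrative code written for this thread, not the Better Coding Tools product or any IBM tooling, and it does not model the SonarQube dependency mentioned above. It implements two deliberately simplified checks in the spirit of the linked rule descriptions (a request URL using http:// rather than https://, and a Trace node pattern that logs a credential-like field), runs them over constructed sample files embedded inline, and emits a SARIF 2.1.0 log. The rule IDs (TOY001/TOY002), file names and sample content are all made up; the SARIF structure follows the public 2.1.0 schema.

```python
"""Toy SARIF-producing scanner for ACE/ESQL sources.

Added example for illustration only: not the Better Coding Tools scanner, not
IBM code.  Rule ids, rule names, file names and sample inputs are invented.
"""
import json
import re

# Constructed sample inputs (not real project files): one ESQL compute module
# and a fragment of a message-flow XML file containing two Trace nodes.
SAMPLE_FILES = {
    "flows/Orders.esql": (
        "CREATE COMPUTE MODULE Orders_Compute\n"
        "  CREATE FUNCTION Main() RETURNS BOOLEAN BEGIN\n"
        "    SET OutputLocalEnvironment.Destination.HTTP.RequestURL = 'http://backend.example/orders';\n"
        "    SET OutputLocalEnvironment.Destination.HTTP.RequestURL = 'https://backend.example/orders';\n"
        "    RETURN TRUE;\n"
        "  END;\n"
        "END MODULE;\n"
    ),
    "flows/Orders.msgflow": (
        '<nodes xmi:type="ComIbmTrace.msgnode:FCMComposite_1" pattern="password=${Root.JSON.Data.password}"/>\n'
        '<nodes xmi:type="ComIbmTrace.msgnode:FCMComposite_1" pattern="order id ${Root.JSON.Data.id}"/>\n'
    ),
}


def _is_trace_pattern_line(line):
    """Heuristic: the line defines a Trace node and carries a pattern attribute."""
    return "ComIbmTrace" in line and "pattern=" in line


# Each rule: which lines it applies to, what it looks for, how to report it.
RULES = [
    {"id": "TOY001", "name": "PlainHttpUrl", "level": "warning",
     "text": "Request URL uses http:// instead of https://",
     "applies": lambda line: True,
     "regex": re.compile(r"http://[^\s'\"<>]+")},
    {"id": "TOY002", "name": "SecretInTracePattern", "level": "error",
     "text": "Trace node pattern writes a credential-like field to the log",
     "applies": _is_trace_pattern_line,
     "regex": re.compile(r"password|passwd|secret|token", re.IGNORECASE)},
]


def scan_text(uri, text):
    """Return one finding per (rule, line) hit in a single file's contents."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for rule in RULES:
            if not rule["applies"](line):
                continue
            match = rule["regex"].search(line)
            if match:
                findings.append({"rule": rule, "uri": uri, "line": lineno,
                                 "col": match.start() + 1,
                                 "snippet": match.group(0)})
    return findings


def to_sarif(findings, tool_name="toy-ace-scanner"):
    """Wrap findings in a minimal SARIF 2.1.0 log (one run, one driver)."""
    return {
        "$schema": "https://json.schemastore.org/sarif-2.1.0.json",
        "version": "2.1.0",
        "runs": [{
            "tool": {"driver": {
                "name": tool_name,
                "rules": [{"id": r["id"], "name": r["name"],
                           "shortDescription": {"text": r["text"]}}
                          for r in RULES]}},
            "results": [{
                "ruleId": f["rule"]["id"],
                "level": f["rule"]["level"],
                "message": {"text": f"{f['rule']['text']}: {f['snippet']}"},
                "locations": [{"physicalLocation": {
                    "artifactLocation": {"uri": f["uri"]},
                    "region": {"startLine": f["line"],
                               "startColumn": f["col"],
                               "snippet": {"text": f["snippet"]}}}}],
            } for f in findings],
        }],
    }


def scan_files(files):
    """Scan a {path: contents} mapping and return the SARIF log as a dict."""
    findings = []
    for uri, text in sorted(files.items()):
        findings.extend(scan_text(uri, text))
    return to_sarif(findings)


if __name__ == "__main__":
    # Write the report where a CI job could pick it up as an artifact.
    with open("ace-scan.sarif", "w", encoding="utf-8") as fh:
        json.dump(scan_files(SAMPLE_FILES), fh, indent=2)
    print("wrote ace-scan.sarif")
```

Running the script writes ace-scan.sarif with two results: the plain-http URL on line 3 of the ESQL file (the https:// line on the next row is not flagged) and the Trace node whose pattern references password on line 1 of the msgflow fragment. A real scanner would need to parse the .msgflow XML rather than match lines, and would carry many more rules, but the shape of the output is what a pipeline consumes.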