App Connect


CICD pipeline (GitLab) security scanners for ACE/ESQL

  • 1.  CICD pipeline (GitLab) security scanners for ACE/ESQL

    Posted Mon December 11, 2023 06:49 AM

    Hi all,

    Does anyone know (or even better, has used) any automated security scanners for ACE applications and libraries (apart from java and secrets scanning)?

    I am setting up a full CICD pipeline for ACE between gitlab and openshift. I'm looking for any useful security scanners that we can implement.



    ------------------------------
    Regards
    Matthias Blomme
    ------------------------------


  • 2.  RE: CICD pipeline (GitLab) security scanners for ACE/ESQL

    Posted Mon December 11, 2023 07:52 AM
    Hi Matthias,

    We have a tool for scanning ACE/IIB/WMB code for security issues /
    violations.


    I won't list all the checks that it performs here but here are some of
    the newest rules:

    https://bettercodingtools.com/r484-file-read-or-write-directory-could-be-manipulated-wmb/

    https://bettercodingtools.com/r483-requests-should-use-https-instead-of-http-wmb/

    https://bettercodingtools.com/r475-iib-trace-node-pattern-contains-a-secret-wmb/

    https://bettercodingtools.com/r457-mqttpublish-nodes-should-use-ssl-wmb/


    It depends on having Sonarqube running. It will produce a "sarif"
    report which you can import into GitLab.

    https://gitlab.com/better-coding-tools/bct-ace-ant-gitlab/-/blob/master/.gitlab-ci.yml?ref_type=heads



    Regards

    Richard


    --
    Richard Huegill
    Better Coding Tools
    IT Delivery Manager

    e:richard@bettercodingtools.com
    w:bettercodingtools.com
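As an added illustration of the SARIF hand-off described in this reply (example code written for this page, not Better Coding Tools' scanner or the linked .gitlab-ci.yml): a small Python gate that a GitLab job could run over the scanner's report after the scan step, listing each finding with its file and line and failing the job when anything at or above a chosen severity is present. The SARIF document, the tool name `ace-scanner-placeholder`, the file paths and the messages are all constructed for the example; only the rule ids R484, R483 and R475 are taken from the rule pages linked above.

```python
"""Gate a CI job on a SARIF 2.1.0 report, such as one from an ACE/ESQL scanner.

Flattens every result in every run, groups findings by severity, and returns a
non-zero exit code when any finding is at or above the configured threshold.
The SARIF content below is constructed for this example; the rule ids mirror
the rule pages linked in the thread, everything else is assumed.
"""
import json
import sys
from collections import Counter

# SARIF "level" values, ordered from least to most severe.
LEVEL_RANK = {"none": 0, "note": 1, "warning": 2, "error": 3}

# Constructed sample report: tool name, paths and messages are assumptions.
SAMPLE_SARIF = json.dumps({
    "version": "2.1.0",
    "runs": [{
        "tool": {"driver": {
            "name": "ace-scanner-placeholder",
            "rules": [
                {"id": "R484", "shortDescription": {"text": "File read or write directory could be manipulated"}},
                {"id": "R483", "shortDescription": {"text": "Requests should use HTTPS instead of HTTP"}},
                {"id": "R475", "shortDescription": {"text": "Trace node pattern contains a secret"}},
            ],
        }},
        "results": [
            {"ruleId": "R484", "level": "error",
             "message": {"text": "Directory derived from input message"},
             "locations": [{"physicalLocation": {
                 "artifactLocation": {"uri": "Flows/OrderIn.esql"},
                 "region": {"startLine": 42}}}]},
            {"ruleId": "R483", "level": "warning",
             "message": {"text": "HTTPRequest node uses http://"},
             "locations": [{"physicalLocation": {
                 "artifactLocation": {"uri": "Flows/OrderIn.msgflow"},
                 "region": {"startLine": 1}}}]},
            {"ruleId": "R475", "level": "error",
             "message": {"text": "Trace pattern references a password field"},
             "locations": [{"physicalLocation": {
                 "artifactLocation": {"uri": "Flows/Debug.msgflow"},
                 "region": {"startLine": 7}}}]},
        ],
    }],
})


def load_findings(sarif_text):
    """Flatten every result in every run into (rule_id, level, uri, line) tuples."""
    doc = json.loads(sarif_text)
    findings = []
    for run in doc.get("runs", []):
        for res in run.get("results", []):
            level = res.get("level", "warning")  # SARIF default when "level" is omitted
            uri, line = "<unknown>", 0
            locs = res.get("locations") or []
            if locs:
                phys = locs[0].get("physicalLocation", {})
                uri = phys.get("artifactLocation", {}).get("uri", uri)
                line = phys.get("region", {}).get("startLine", line)
            findings.append((res.get("ruleId", "<no-rule>"), level, uri, line))
    return findings


def count_by_level(findings):
    """Return a Counter of findings per severity level."""
    return Counter(level for _, level, _, _ in findings)


def violates(findings, threshold="error"):
    """Return the findings whose level is at or above the threshold."""
    floor = LEVEL_RANK[threshold]
    return [f for f in findings if LEVEL_RANK.get(f[1], 0) >= floor]


def gate(sarif_text, threshold="error"):
    """Exit code for a CI job: 0 if nothing at/above threshold, 1 otherwise."""
    findings = load_findings(sarif_text)
    for rule_id, level, uri, line in findings:
        print(f"{level:8} {rule_id:6} {uri}:{line}")
    blocking = violates(findings, threshold)
    print(f"{len(findings)} finding(s); {len(blocking)} at or above '{threshold}'")
    return 1 if blocking else 0


if __name__ == "__main__":
    # Usage: python sarif_gate.py report.sarif [threshold]; with no args the sample is used.
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_SARIF
    sys.exit(gate(text, sys.argv[2] if len(sys.argv) > 2 else "error"))
```

In a pipeline this would run as a job after the scan, with the scanner's SARIF file passed as the first argument; "warning" as the second argument makes the plain-HTTP finding (R483) blocking as well, whereas the default only fails on "error"-level findings such as the secret in the trace pattern.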