Type: Task
Status: Resolved
Priority: Medium
Resolution: Fixed
Affects Version/s: None
Fix Version/s: VOLTHA v2.5
Component/s: ofagent-go, openolt-adapter, openonu-adapter, voltha-lib-go
Labels: None
Story Points: 2
Epic Link:

We'd like to arrange with the community that static code analysis (SCA/SAST) security scan tools are activated in CI on the upstream ONF VOLTHA software repositories, so that the security requirements are met.
Goal:
all relevant VOLTHA repositories covered by SCA/security tools inside the CI/CD pipeline
The tools may run with the flag "allow_failure: true" inside the CI/CD pipeline, meaning developers can still push and build changes even when a tool reports a finding. In that mode the scan is informational only: the reports should still be collected and triaged, otherwise the scan gives no security benefit.
The recommended list of security tools:
- Golang: gosec https://github.com/securego/gosec
- Python: bandit https://pypi.org/project/bandit/
- Java: FindSecBugs https://find-sec-bugs.github.io/
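As an added illustration of the non-blocking ("allow_failure") scan step described above (this is example code written for this ticket, not VOLTHA's own CI job definitions), the following POSIX sh wrapper runs a scanner, keeps its log and exit status in a report directory, and always returns 0 so the build continues. The function names, the REPORT_DIR variable and the gosec/bandit command lines are assumptions for the example; the gosec and bandit invocations are only attempted when the tool is installed.

```shell
#!/bin/sh
# Added example, not VOLTHA CI code. Runs security scanners in "allow_failure"
# mode: findings are logged and their exit status recorded, but the step
# itself never fails the pipeline. Assumes POSIX sh.

# Directory for scanner logs and status files (assumed name, overridable).
REPORT_DIR="${REPORT_DIR:-./security-reports}"

# run_scan_nonblocking NAME CMD [ARGS...]
# Runs CMD, writes its combined output to $REPORT_DIR/NAME.log and its exit
# code to $REPORT_DIR/NAME.status. Always returns 0 ("allow_failure: true").
run_scan_nonblocking() {
    name="$1"; shift
    mkdir -p "$REPORT_DIR"
    # The command runs inside an if-test so a non-zero exit does not trip
    # "set -e" in the calling pipeline script.
    if "$@" > "$REPORT_DIR/$name.log" 2>&1; then
        rc=0
    else
        rc=$?
    fi
    printf '%s\n' "$rc" > "$REPORT_DIR/$name.status"
    if [ "$rc" -ne 0 ]; then
        echo "WARNING: $name exited with status $rc (allow_failure); see $REPORT_DIR/$name.log" >&2
    else
        echo "$name: no findings reported"
    fi
    return 0
}

# scan_status NAME: prints the recorded exit code of a previous scan.
scan_status() {
    cat "$REPORT_DIR/$1.status"
}

# failed_scans: lists the scanners whose recorded exit code was non-zero,
# so the results can be triaged even though the build was allowed to pass.
failed_scans() {
    for f in "$REPORT_DIR"/*.status; do
        [ -e "$f" ] || continue
        if [ "$(cat "$f")" -ne 0 ]; then
            basename "$f" .status
        fi
    done
}

# Illustrative invocations for the tools recommended in the ticket.
# Each only runs if the tool is on PATH; a missing tool is not a build failure.
if command -v gosec >/dev/null 2>&1; then
    run_scan_nonblocking gosec gosec -fmt=json -out="$REPORT_DIR/gosec.json" ./...
fi
if command -v bandit >/dev/null 2>&1; then
    run_scan_nonblocking bandit bandit -r . -f json -o "$REPORT_DIR/bandit.json"
fi
```

The status files are what make allow_failure useful in practice: a later job (or a person) can read them and decide which findings need a fix, while the step that produced them never blocks a developer's push.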
Affected repositories:
https://github.com/opencord/voltha-go
https://github.com/opencord/voltha-openolt-adapter
https://github.com/opencord/voltha-openonu-adapter
https://github.com/opencord/ofagent-go
https://github.com/opencord/kafka-onos