Problem statement
Are there any security scan reports available (e.g., Fortify, Sonar, Black Duck) for the Deploy CLI and Management Client npm packages? Our security team is looking for a security assessment.
Solution
We don't have publicly shareable reports; however, we use the following tools for security analysis as of today:
Dynamic Application Security Tools:
Detectify: Web application Scanning
StackHawk: API scanning
Static Application Security Tools:
Semgrep: Code scanning
Snyk: SCA (Software Composition Analysis) scanning for dependencies and containers
Infrastructure Security Tools:
InsightVM
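Since no vendor report can be shared, a security team can still establish its own SCA baseline for the two npm packages: install them in a scratch project, run `npm audit --json`, and gate on the result. The script below is an added example written for this page; it is not code from the vendor or from any of the tools listed above. It assumes the npm 7+ audit report format (a `vulnerabilities` map whose entries carry `severity`, `via`, `isDirect`, `fixAvailable` and `nodes`), and the embedded report is a constructed sample with made-up package and advisory names.

```python
"""Triage an `npm audit --json` report: summarise findings and gate on severity.

Added example for this page (not the vendor's or any listed tool's code).
Assumes the npm 7+ audit report format; SAMPLE_REPORT is constructed, with
made-up package and advisory names.
"""
from __future__ import annotations

import json
import sys
from collections import Counter

# npm's severity levels, weakest to strongest.
SEVERITY_ORDER = ["info", "low", "moderate", "high", "critical"]

# Constructed sample in the shape `npm audit --json` emits (npm 7+).
# "example-transitive-dep" carries the advisory itself; "example-direct-dep"
# is only affected because it depends on it, so its `via` is a list of names.
SAMPLE_REPORT = json.dumps({
    "auditReportVersion": 2,
    "vulnerabilities": {
        "example-transitive-dep": {
            "name": "example-transitive-dep",
            "severity": "critical",
            "isDirect": False,
            "via": [{
                "name": "example-transitive-dep",
                "title": "Constructed sample advisory (prototype pollution)",
                "severity": "critical",
                "range": "<1.2.0",
            }],
            "effects": ["example-direct-dep"],
            "range": "<1.2.0",
            "nodes": ["node_modules/example-transitive-dep"],
            "fixAvailable": True,
        },
        "example-direct-dep": {
            "name": "example-direct-dep",
            "severity": "moderate",
            "isDirect": True,
            "via": ["example-transitive-dep"],
            "effects": [],
            "range": "<=3.0.1",
            "nodes": ["node_modules/example-direct-dep"],
            # npm emits an object here when the fix is a semver-major bump.
            "fixAvailable": {"name": "example-direct-dep", "version": "4.0.0",
                             "isSemVerMajor": True},
        },
    },
    "metadata": {"vulnerabilities": {"info": 0, "low": 0, "moderate": 1,
                                     "high": 0, "critical": 1, "total": 2}},
})


def _rank(severity: str) -> int:
    """Position of a severity in SEVERITY_ORDER; unknown values rank as info."""
    return SEVERITY_ORDER.index(severity) if severity in SEVERITY_ORDER else 0


def parse_audit(report_json: str) -> list[dict]:
    """Flatten the `vulnerabilities` map into one record per affected package."""
    report = json.loads(report_json)
    findings = []
    for name, vuln in report.get("vulnerabilities", {}).items():
        # `via` mixes advisory objects (the package itself is vulnerable) and
        # bare package names (vulnerable only through a dependency).
        advisories = [v for v in vuln.get("via", []) if isinstance(v, dict)]
        through = [v for v in vuln.get("via", []) if isinstance(v, str)]
        findings.append({
            "package": name,
            "severity": vuln.get("severity", "info"),
            "direct": bool(vuln.get("isDirect", False)),
            "range": vuln.get("range", ""),
            # `fixAvailable` is either a bool or an object describing the bump.
            "fix_available": bool(vuln.get("fixAvailable", False)),
            "titles": [a.get("title", "") for a in advisories],
            "via_packages": through,
            "paths": list(vuln.get("nodes", [])),
        })
    return findings


def severity_counts(findings: list[dict]) -> Counter:
    """Count findings per severity level."""
    return Counter(f["severity"] for f in findings)


def at_or_above(findings: list[dict], threshold: str = "high") -> list[str]:
    """Names of packages whose severity meets or exceeds `threshold`."""
    floor = _rank(threshold)
    return sorted(f["package"] for f in findings if _rank(f["severity"]) >= floor)


def audit_passes(report_json: str, threshold: str = "high") -> bool:
    """True when no finding reaches `threshold`; the gate a CI job would apply."""
    return not at_or_above(parse_audit(report_json), threshold)


if __name__ == "__main__":
    # Usage: npm audit --json > audit.json && python audit_gate.py audit.json
    # With no argument the constructed sample is used.
    raw = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_REPORT
    results = parse_audit(raw)
    for f in results:
        print(f"{f['severity']:<9} {f['package']} {f['range']} "
              f"direct={f['direct']} fix={f['fix_available']}")
    print(dict(severity_counts(results)))
    sys.exit(0 if audit_passes(raw, "high") else 1)
```

Run it against the real audit output of a project that depends only on the two packages in question; the exit code makes it usable as a CI gate, and the `via_packages` field shows which transitive dependency actually carries each advisory, which is the detail a security team needs when deciding whether a finding is reachable from the CLI's code paths.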