[R24.5] SAST / DAST PCWM conformity : TRG 8.01 & TRG 2-6 #780

Closed
4 tasks
mkanal opened this issue Mar 21, 2024 · 1 comment · Fixed by catenax-ng/tx-traceability-foss#1148

@mkanal (Contributor)

mkanal commented Mar 21, 2024

As product
I want to migrate from the deprecated S/DAST to the newly proposed S/DAST toolings
so that it is compliant with the TRGs for R24.5

Hints / Details

Please migrate to the new tools, which means using Static Application Security Testing with CodeQL (https://eclipse-tractusx.github.io/docs/release/trg-0/trg-8-01/) for software security testing and Software Composition Analysis (https://eclipse-tractusx.github.io/docs/release/trg-2/trg-2-6/) for analyzing software components. It is also important to change/delete the related GitHub actions.

Acceptance Criteria

  • TRG 8.1 Veracode is descoped from documentation, CI/CD pipeline, code, KIT docu etc.
  • TRG 8.1 CodeQL is used for SAST including extension documentation, CI/CD pipeline, code, KIT docu etc.
  • TRG 2.1 Dependabot is used for SCA including extension documentation, CI/CD pipeline, code, KIT docu etc.
  • TRG 2.1 Veracode is descoped from documentation, CI/CD pipeline, code, KIT docu etc.

Out of Scope

  • ...
@ds-crehm (Contributor)

ds-crehm commented Apr 9, 2024

Not possible to test. PRs look good to me. Ready for review @jzbmw

@ds-crehm ds-crehm reopened this Apr 9, 2024
@ds-crehm ds-crehm moved this from test to review in Trace-X Apr 9, 2024
@ds-crehm ds-crehm assigned jzbmw and unassigned ds-lcapellino Apr 9, 2024
@jzbmw jzbmw moved this from review to done in Trace-X Apr 15, 2024
@jzbmw jzbmw closed this as completed Apr 15, 2024
Status: done

4 participants