Hey @jayasanka & @dkayiwa - do you think we should leverage this in our dev pipeline somehow? Google Announces Vulnerability Scanner for Open Source Developers | SecurityWeek.Com
1 Like
I see we have CodeQL, SonarCloud, Dependabot setup for openmrs-core? Is this not working for us?
Maybe we just need to add more repos and tweak configuration? They integrate nicely with GitHub and run on PRs.
Let me throw in some links for reference as well: https://github.com/openmrs/openmrs-core/security/dependabot
https://github.com/openmrs/openmrs-core/security/code-scanning with nice summary at https://sonarcloud.io/summary/overall?id=openmrs_openmrs-core