[FINERACT-967] lgtm.com Security Vulnerability Assessment Scanning - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Improvement
Status: Closed
Priority: Major
Resolution: Auto Closed
Affects Version/s: None
Fix Version/s: None
Component/s: Security
Labels:
- Cleanup2022
- technical

Description

https://lgtm.com/projects/g/apache/fineract is pretty "interesting"...

368 alerts: 69 Errors, 251Warnings, 48 Recommendations

Let's do something about this?

FINERACT-854 for FINERACT-853 should address some of the issues raised there. Let's first do that, and then look at this again. Whatever is left, we ideally should not just fix it "one off", but find (or make?!) automated code scan quality tools which detect those issues - and make sure that we don not re-introduce them again over time.

Attachments

Issue Links

blocks

FINERACT-865 Strengthen/Harden Fineract 1.x to LTS Version by Upgrading Java & Improving Code Coverage of Tests

Closed

is blocked by

FINERACT-853 Use find-sec-bugs SpotBugs plugin to detect SQL injection issues (and other security related problems)

In Progress

FINERACT-854 Use prepared statements instead of string concatenated SQL everywhere

In Progress

relates to

FINERACT-969 Run OWASP zaproxy.org against Fineract (e.g. fineract.dev)

Open

FINERACT-988 Snyk.io Security Vulnerability Assessment Scanning

Closed

Activity

People

Assignee:: Unassigned

Reporter:: Michael Vorburger

Votes:: 0 Vote for this issue

Watchers:: 1 Start watching this issue

Dates

Created:: 09/May/20 23:34

Updated:: 07/Nov/22 18:11

Resolved:: 07/Nov/22 18:11