Flags deep dive: Technology flags / Code analysis flags for secure coding practices

Modified on Fri, 5 Sep at 1:44 PM

The platform provides a wide range of security code flags (based on OWASP guidelines), including broken access control, cryptographic failures, and more in this category.

When to use these Flags?

Use this flag to identify security drift in the codebase, based on the conditions configured against OWASP standards.


Impact:

Technology.

Classification:

Code

Tools:

Atlassian Jira, ADO Board, GitHub, GitLab, Bitbucket.

Intent:

The intent of this flag is to identify drift introduced in the codebase by a feature branch or a PR (based on the set of changes made across a group of files), measured against the specified OWASP standards. The check is performed using the following contexts:

  1. The code introduced in the current Code branch/Pull request/Merge request.
  2. The data associated with the Code branch/Pull request/Merge request.
  3. The details associated with the linked Jira/ADO work item.
  4. The data associated with other PRs/Branches contributed by the developer.
  5. The AST graph for the underlying programming language/framework.


The outcome of the aforementioned checks can be a list of issues found in the changes. The platform also provides a resolution path for every issue, which the engineer can copy and apply in the codebase.


Please note that this analysis is triggered whenever the developer makes a commit; the inferences/recommendations are pushed to the Cuybts UI layer, to VS Code, and to the actual branch/PR in GitHub/GitLab/Bitbucket.


Configurations:

The configuration allows the engineering manager/lead to define the scope of the analysis:

  1. The data source for analysis (pull requests, code branches, or both).
  2. The timespan (a.k.a. age) of the selected data sources (pull requests, code branches, or both).
  3. Auto-resolution settings: enable this setting to auto-resolve the flag using one of the options below:
    1. Reporting the flag in Jira (for the entire flag, or based on the severity of the issues in the flag).
    2. Notifying the workspace admins and the assignees of the issue via email.
    3. Marking the entire flag as resolved as soon as it appears.
  4. Compliance settings: enable this setting to mark this as a compliance flag; this ensures that all artefacts violating this flag are visible in the compliance status report.
