In this article, we will look at Jenkins integration with SonarQube. Let’s look at the steps below Outcome expected is that when changes are made in code & gets committed, then Jenkins build will automatically do the build with Sonar scan analysis. Step 1: Install required prerequisites Step 2: Install Sonar Scanner plugin Under Manage
In this article, we will look at the basics of Test-Driven Development (TDD) and look at one example of how to write unit test using TDD concept. Extreme programming is one of the Agile Development Processes and TDD is one of the core practices of extreme programming. Test Driven Development also referred as ‘Test First
PCI DSS stands for payment card industry data security standard. It’s a framework designed to protect the entire payment card value chain. There are 12 requirements are met which are considered as PCI complaint Goals Requirements Build and Maintain a secure network & systems Req.1 : Install & maintain a firewall configuration Req 2 :
It refers to an organisation named Defense Information Systems Agency (DISA) that provides security technical implementation guides (STIG) to secure information systems/software to avoid being vulnerable. STIG checklists will secure the below STIG Checklist below https://www.stigviewer.com/stigs
SANS Top 25 is the CWE (Common Weakness Enumeration) list which contains critical errors of security vulnerabilities. SANS(Sysadmin, Audit, Network and Security) is an organisation that provides security policies to be followed. Rank Name 1 Out-of-bounds Write This happens due to memory corruption which is caused by index out of bound exception error 2 Improper
OWASP stands for Open Web Application Security Project and it’s an open-source application security community with goal of improving security of the software. It’s an industry standard guideline that lists the most critical application security risks which enables developers to secure the application they develop & deploy. OWASP Top 10 2017 Standards: 1. Injection This
Fortify scans the code to detect security vulnerabilities and sonar as well does that. Lets look at what are the differences between both Category Sonar Fortify Purpose Static code analysis tool which provides code quality report for duplicate code, code smells, security vulnerabilities Static code analysis tool which provides report on security vulnerabilities that impact
Before we jump into the installation & setup configuration, lets understand the basics of SonarQube. What is SonarQube? SonarQube is an open-source platform developed by SonarSource for continuous inspection of code quality and conduct static analysis of code to identify bugs, code smells & security vulnerabilities on 20+ programming languages. SonarQube produces report for
This article explains overview of the static code analysis Static Code Analysis – Overview (c-sharpcorner.com)
In this article, it shows the comparison between of unit testing tools in .NET Comparison Of Unit Testing Tools In .NET (c-sharpcorner.com)