Question

Java Code Scanning

In the internal security context, we normally scan our internally developed code for security vulnerabilities. For this purpose, we use 3rd-party commercial software that normally needs to compile a piece of code to be able to generate a security report for it.

These tools recognize standard programming languages used in the market (Java, C++, Python, …).

We were wondering, since Pega is based on the Java language, is it possible to compile our Pega internal development with a “Java style” instruction, to be able to analyze it later?

In other words, we need a Java compilation instruction (mvn command) so we scan the code on the fly. Is that possible? If not, can you please suggest an alternative solution to scan our internal code line regularly, as the system is exposed to the internet?

Thanks!
