Java Code Scanning
In the internal security context, we normally scan our internally developed code for security vulnerabilities. For this purpose, we use 3rd party commercial software that normally needs to compile a piece of code to be able to generate a security report for it.
These tools recognize standard programming languages used in the market (Java, C++, Python, …).
We were wondering, since Pega is based on the Java language, is it possible to compile our Pega internal development with a “Java style” instruction, to be able to analyze it later?
In other words, we need a Java compilation instruction (mvn command) so we scan the code on the fly. Is that possible? If not, can you please suggest an alternative solution to scan our internal code line regularly, as the system is exposed to the internet?