Red Hat Enterprise Linux AI / RHELAI-4743

[SPIKE] Evaluate SAST Tools for Proactively Detecting CVEs in sdg_hub


    • Type: Spike
    • Resolution: Done
    • Priority: Major
    • DevOps
    • Sprint: Sprint 3, Midstream Integration Sprint 4

      Problem Statement

      • The AI Innovation team will be responsible for remediating CVEs introduced in their sdg_hub repository, so that Red Hat AI 3.0 products which ultimately consume some form of sdg_hub do not contain those CVEs. To do this, the AI Innovation team needs the ability to detect CVEs proactively, as early as possible in the release lifecycle, so that they have ample time to handle them.

      Goals

      • Identify specific SAST tools/integrations that we want to leverage in sdg_hub
        • Note #1: Since sdg_hub is a Python-based library, we need to ensure that Python packages consumed by sdg_hub are scanned for CVEs by at least one SAST tool/integration.
        • Note #2: Consider the ways in which these tools can notify the sdg_hub maintainers. (Ideally, we do not want this information publicly disclosed.)
      • Work with the AI Innovation team to understand their needs around SAST/vulnerability detection

      Acceptance Criteria

      • At least one SAST tool/integration is identified


      Out of Scope

      • Installing or integrating these tools is out of scope for this card. This work will be completed in another Jira card.

      People: Dev Kumar (rh-ee-dkuma), Courtney Pacheco (cpacheco@redhat.com), Charli Allen