We had a meeting to discuss our scanning result. Zijun will go to make the CWEs Checklist for manual review. Mustapha made the CWEs list for key finding. we three need to review few CWEs for key finding.
In 11/29/2022, we had the second meeting which to talk about the find of the scanning tools. We shared the issues we found during the scanning tool configuration process. And mustapha decide to help us on SonarQube.
During the Friday's zoom meeting, we reviewed our draft diagrams and having different opinions about it. We finally decide to ask Dr.Ganhdi for his suggestion. After we received his feedback, we decide to reduce the number of diagram from 3 to 2.
The two new diagrams is basically about hospital employee authentication senario and search file senario.
Zijun and Charlie tried to use SonarQube but stuck on the configuration issues, Mustapha later also spend many hours on tring SonarQube. We finaly have to give up and turn to other tools. Zijun turned to CodeQL, Mustapha turned to Fortify, and Charlie still having a last try.