This is the repository of Software Assurance Class project
Mustapha will working on writting team reflection.
We had a meeting to discuss our scanning result. Zijun will go to make the CWEs Checklist for manual review. Mustapha made the CWEs list for key finding. we three need to review few CWEs for key finding.
In 11/29/2022, we had the second meeting which to talk about the find of the scanning tools. We shared the issues we found during the scanning tool configuration process. And mustapha decide to help us on SonarQube.
We arranged a meeting on Thursday, then we postpone our meeting to Firday.
11/28/2022 We had a zoom meeting for discussing the last assignment.
Decisions : Zijun and Charlie were assigned to working on SonarQube. Mustapha will do more research on other tool.
We had a 1 hour meeting on Monday for discussing how to build a threat model. N
one of us missing this meeting.
The Code review Strategy section will be written by Mustapha.
After the first meeting, Mustapha was assigned to do research on other tools.
Mustapha decided to use Fortify to scan our OSS.
The subsection of Fortify in section of Auto scanning will be written by Mustapha.
The subsection of CodeQL in section of Auto scanning will be written by Zijun.
Having a zoom meeting for reviewing our assignment document and making sure it is deliverable.
Charlie will keep working on SonarQube for giving a last try.
Since we need to stick on the progress, Zijun was assigned to try CodeQL for Scanning.
During the Friday's zoom meeting, we reviewed our draft diagrams and having different opinions about it. We finally decide to ask Dr.Ganhdi for his suggestion. After we received his feedback, we decide to reduce the number of diagram from 3 to 2.
The two new diagrams is basically about hospital employee authentication senario and search file senario.
We have a team meeting for discussing how to revise our diagram based on Professor's advise. This meeting is 1 half hour long in Saturday.
We create a level 0 data flow diagram for Elasticsearch during the Monday meeting.
The Key Finding section and contribution section will be written by Charlie.
Zijun and Charlie tried to use SonarQube but stuck on the configuration issues, Mustapha later also spend many hours on tring SonarQube. We finaly have to give up and turn to other tools. Zijun turned to CodeQL, Mustapha turned to Fortify, and Charlie still having a last try.
The Manual review Section will be written by Zijun.
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
Django
The Web framework for perfectionists with deadlines.
Laravel
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. ๐๐๐
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
Microsoft
Open source projects and samples from Microsoft.
Google
Google โค๏ธ Open Source for everyone.
Alibaba
Alibaba Open Source for everyone
D3
Data-Driven Documents codes.
Tencent
China tencent open source team.
