@@ -6,10 +6,37 @@ SPDX-License-Identifier: MIT
66
77# Software Assurance
88
9- This is what user can expect from Makes in terms of security:
9+ This is what user can expect from Makes in terms of security,
10+ the notation is that of a _ Structured Assurance Case Model_ [ ^ 1 ] .
1011
1112- The Makes CLI application is free of known security vulnerabilities.
1213
14+ - The Python code of the Makes CLI application
15+ is free of known security vulnerabilities.
16+
17+ - [ SonarCloud] ( https://sonarcloud.io/ )
18+ reviews every pull request.
19+
20+ Proof:
21+
22+ - You can check the
23+ [ SonarCloud pull requests list for Makes] ( https://sonarcloud.io/project/pull_requests_list?id=fluidattacks_makes )
24+
25+ - You can check the
26+ [ pull requests history] ( https://github.com/fluidattacks/makes/pulls )
27+ and see if the latest pull requests
28+ have a comment
29+ from SonarCloud.
30+ For example:
31+ [ PR 925, Comment 1256837172] ( https://github.com/fluidattacks/makes/pull/925#issuecomment-1256837172 )
32+
33+ - Vulnerabilities count on [ SonarCloud] ( https://sonarcloud.io/ ) is zero.
34+
35+ Proof:
36+
37+ - Visit the [ SonarCloud dashboard] ( https://sonarcloud.io/project/overview?id=fluidattacks_makes ) .
38+ The vulnerabilities count should be zero.
39+
1340 - The dependencies of the Makes CLI application
1441 are free of known security vulnerabilities.
1542
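Review bot: In the proof under "Vulnerabilities count on SonarCloud is zero", the sentence "The vulnerabilities count should be zero." states an expectation rather than evidence. The dashboard it links to is a live value, so the claim can stop holding without this file changing. Suggest phrasing it as a check the reader performs, for example "Visit the SonarCloud dashboard and confirm that the vulnerabilities count is zero." The "reviews every pull request" claim has the same weakness: it is backed only by a manual look at the pull request history and one example comment (PR 925), so if the SonarCloud check is enforced on pull requests, say so in the proof. Minor: the new intro, "what user can expect from Makes in terms of security, the notation is that of ...", is a comma splice. Split it into two sentences and use "users".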
@@ -45,10 +72,12 @@ This is what user can expect from Makes in terms of security:
4572
4673## References
4774
48- - Rhodes, T. , Boland Jr., F. , Fong, E. and Kass, M. (2009),
49- Software Assurance Using Structured Assurance Case Models,
50- NIST Interagency/Internal Report (NISTIR),
51- National Institute of Standards and Technology,
52- Gaithersburg, MD, [ online] ,
53- https://tsapps.nist.gov/publication/get_pdf.cfm?pub_id=902688
54- (Accessed September 23, 2022)
75+ [ ^ 1 ] :
76+
77+ Rhodes, T. , Boland Jr., F. , Fong, E. and Kass, M. (2009),
78+ Software Assurance Using Structured Assurance Case Models,
79+ NIST Interagency/Internal Report (NISTIR),
80+ National Institute of Standards and Technology,
81+ Gaithersburg, MD, [ online] ,
82+ https://tsapps.nist.gov/publication/get_pdf.cfm?pub_id=902688
83+ (Accessed September 23, 2022)
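Review bot: The `[^1]:` label is followed by an empty line, and the citation only starts on the line after that. It will render as the footnote body only if those lines are indented as a continuation of the label, so please check the rendered page or move "Rhodes, T. ..." onto the same line as the label. The "[ online]" marker and the bare URL were carried over unchanged from the old list entry. They could become a regular link, matching the link style used for the SonarCloud references earlier in the file.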