Control Freak & MergeBase Cyber Security Collaboration, February 2020
MergeBase Code Green (Vulnerability Scans)
Bit-Booster has teamed up with cyber security startup MergeBase to develop an application security collaboration. The goal: defend software teams from the OWASP Top 10 risk of using components with known vulnerabilities (A9:2017), that is, shipping software libraries that carry published vulnerabilities. The Control Freak plugin now performs free vulnerability scans (based on MergeBase's Code Green technology) against every git push.
If you find these scans useful:
If you DISLIKE these scans or find them annoying:
Scans are only performed if the repository contains at least one file whose path matches any of the following naming patterns:
**/gemfile.lock, **/package-lock.json, **/yarn.lock, **/pom.xml, **/*.pom
If a scan is performed, results are printed in response to successful "git push" operations. The scan does not reject the push; git relays the server-side output to the client, prefixed with "remote:", as shown below.
Results fall into two general cases:
- Vulnerabilities Found -
remote: --------------------
remote: Control-Freak / MergeBase free vulnerability scan results:
remote: Pushed commit (f4433f706d6da33) has at least 50 known vulnerabilities:
remote: 15 critical, 20 high, 15 medium, 0 low.
remote:
remote: MergeBase Code Green manages vulns! Try a 30-day free trial:
remote: https://marketplace.atlassian.com/apps/1221258
remote:
remote: To learn more:
remote: https://bit-booster.com/control-freak-mergebase-code-green/
remote:
remote: (Vulnerability scan took: 330ms)
remote: --------------------
- No Vulnerabilities Found -
remote: --------------------
remote: Control-Freak / MergeBase free vulnerability scan results:
remote: Pushed commit (488676f85d17dae) has 0 known vulnerabilities.
remote: Excellent! Keep up the good work!
remote:
remote: (Vulnerability scan took: 74ms)
remote: --------------------
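The two behaviours described above (which pushed trees trigger a scan, and what the summary block printed back through "git push" contains) can be modelled in a few lines. The following is an added example, written for this page and not code from Control Freak or MergeBase. It assumes that "**/" means "at any directory depth, including the repository root" and that file-name matching is case-insensitive (so Gemfile.lock matches **/gemfile.lock); the plugin's actual matching rules are not documented here. The parser is written against the two sample outputs quoted above, and the gating helper is a hypothetical hook for a CI wrapper, since the scan itself never blocks a push.

```python
import fnmatch
import posixpath
import re
from typing import Iterable, Optional

# Naming patterns quoted on the page. Assumptions of this example: "**/"
# means "any depth, including the repository root", and matching is
# case-insensitive. Neither is stated by the plugin documentation.
SCAN_TRIGGER_PATTERNS = (
    "**/gemfile.lock",
    "**/package-lock.json",
    "**/yarn.lock",
    "**/pom.xml",
    "**/*.pom",
)


def matches_trigger(path: str, patterns: Iterable[str] = SCAN_TRIGGER_PATTERNS) -> bool:
    """True if a repository-relative POSIX path matches any trigger pattern."""
    name = posixpath.basename(path).lower()
    for pattern in patterns:
        # Drop the "**/" prefix and match the file name only, so that both
        # "pom.xml" and "module/a/pom.xml" satisfy "**/pom.xml".
        tail = pattern[3:] if pattern.startswith("**/") else pattern
        if fnmatch.fnmatchcase(name, tail.lower()):
            return True
    return False


def should_scan(paths: Iterable[str]) -> bool:
    """A scan runs if at least one file in the pushed tree matches a pattern.
    In practice the list comes from `git ls-tree -r --name-only <commit>`."""
    return any(matches_trigger(p) for p in paths)


# git prefixes server-side hook output with "remote: "; strip it before parsing.
_REMOTE_PREFIX = re.compile(r"^remote:\s?")
_SUMMARY_RE = re.compile(
    r"Pushed commit \((?P<commit>[0-9a-f]+)\) has "
    r"(?:at least )?(?P<total>\d+) known vulnerabilit(?:y|ies)"
)
_SEVERITY_RE = re.compile(
    r"(?P<critical>\d+) critical, (?P<high>\d+) high, "
    r"(?P<medium>\d+) medium, (?P<low>\d+) low"
)


def parse_scan_output(push_output: str) -> Optional[dict]:
    """Extract the commit and severity counts from "git push" output.
    Returns None when no scan summary is present (e.g. no matching manifest)."""
    text = "\n".join(_REMOTE_PREFIX.sub("", ln.strip()) for ln in push_output.splitlines())
    m = _SUMMARY_RE.search(text)
    if m is None:
        return None
    result = {"commit": m.group("commit"), "total": int(m.group("total")),
              "critical": 0, "high": 0, "medium": 0, "low": 0}
    sev = _SEVERITY_RE.search(text)
    if sev:  # the clean-result block carries no severity breakdown
        result.update({k: int(v) for k, v in sev.groupdict().items()})
    return result


def has_blocking_findings(result: Optional[dict],
                          severities: Iterable[str] = ("critical", "high")) -> bool:
    """Hypothetical CI policy: the scan never rejects the push itself, so a
    team that wants to gate has to decide on the parsed summary."""
    if result is None:
        return False
    return any(result[s] > 0 for s in severities)


# Constructed from the page's "Vulnerabilities Found" sample (trimmed).
SAMPLE_PUSH_OUTPUT = """\
remote: --------------------
remote: Control-Freak / MergeBase free vulnerability scan results:
remote: Pushed commit (f4433f706d6da33) has at least 50 known vulnerabilities:
remote: 15 critical, 20 high, 15 medium, 0 low.
remote:
remote: (Vulnerability scan took: 330ms)
remote: --------------------
"""

# Constructed from the page's "No Vulnerabilities Found" sample (trimmed).
SAMPLE_CLEAN_OUTPUT = """\
remote: Control-Freak / MergeBase free vulnerability scan results:
remote: Pushed commit (488676f85d17dae) has 0 known vulnerabilities.
remote: Excellent! Keep up the good work!
"""

if __name__ == "__main__":
    print(should_scan(["README.md", "services/api/pom.xml"]))
    print(parse_scan_output(SAMPLE_PUSH_OUTPUT))
    print(has_blocking_findings(parse_scan_output(SAMPLE_CLEAN_OUTPUT)))
```

Two caveats worth keeping in mind when using something like this: a lockfile is only evidence that dependencies are pinned, not that they are all declared (a pom.xml with unmanaged versions still triggers a scan, but the resolved versions may differ from what the plugin sees), and the "at least 50" wording in the sample means the printed total can be a lower bound, so a gate should act on the severity counts rather than on the total alone.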
Look for the "Enable Code Green" (yes/no) setting on the following admin pages:
To enable or disable per-repository:
Repository --> Settings --> Control Freak
To enable or disable per-project:
Project --> Settings --> Control Freak
To enable or disable globally:
Admin --> Settings --> Control Freak
Search for "Code Green" in your Bitbucket instance's plugin manager.
Or install it from marketplace.atlassian.com.
Intro To SCA (Software Composition Analysis)