Software Assurance
This is what users can expect from Makes in terms of security; the notation is that of a Structured Assurance Case Model[^1], in which each claim is supported by sub-claims and, at the leaves, by proofs a reader can verify.
- The Makes CLI application is free of known security vulnerabilities.
  - The Python code of the Makes CLI application is free of known security vulnerabilities.
    - SonarCloud reviews every pull request.
      Proof:
      - You can check the SonarCloud pull requests list for Makes.
      - You can check the pull requests history and see whether the latest pull requests have a comment from SonarCloud. For example: PR 925, Comment 1256837172.
    - The vulnerabilities count on SonarCloud is zero.
      Proof:
      - Visit the SonarCloud dashboard. The vulnerabilities count should be zero.
  - The dependencies of the Makes CLI application are free of known security vulnerabilities.
    - The Fluid Attacks Continuous Hacking tool is enabled for the repository.
      Proof:
      - You can check the Fluid Attacks Certificate.
References
[^1]: Rhodes, T., Boland Jr., F., Fong, E. and Kass, M. (2009), Software Assurance Using Structured Assurance Case Models, NIST Interagency/Internal Report (NISTIR), National Institute of Standards and Technology, Gaithersburg, MD, [online], https://tsapps.nist.gov/publication/get_pdf.cfm?pub_id=902688 (Accessed September 23, 2022)