Security Office Hour 2024-03-14

Security Office Hour meeting minutes

Announcements

  • SAST: The CodeQL transition is ongoing, and PRs to add the corresponding workflows are in progress. The Veracode license will expire at the end of March, so everyone is encouraged to review their workflows to ensure a timely transition to CodeQL.
  • DAST: The Invicti license will expire at the end of August and has already exceeded the website limit. There will be no DAST tool required for the next Quality Gate.
  • Secret scanning
    • GitGuardian is currently set up, but Gitleaks is a potential successor.
    • Testing of GitHub secret scanning is still in progress.
  • TRG 8.0 has been published as a draft; adjustments submitted as PRs are warmly welcome.

Open Discussions

  • none