FEA403 Regularly Scan for Known Security Vulnerabilities

Test Result ID: TR403-001
Author/Designer: Niko Satejeff
Date of creation: 22-4-2024
Class: Functional

Test Case

Link to Test Case

Description

This test ensures that the SAST automatically detects possible security weaknesses and threats.

Acceptance Criteria

  • Implementation of a process for regular scanning of the codebase and dependencies for security vulnerabilities.
  • Seamless integration of security scanning tools into the development workflow.
  • Prompt resolution of identified security vulnerabilities.
  • Thorough testing of the security scanning process to ensure accurate detection of vulnerabilities.
  • Documentation update to include instructions for security scanning and vulnerability resolution.

Test Results

SAST runs automatically when code is pushed to the pipeline and notifies us about possible vulnerabilities in the security dashboard and in the vulnerability report.

[Screenshot: Vulnerabilities found]

[Screenshot: Vulnerabilities graph]

When we deliberately introduced vulnerabilities to check whether the scanner would flag them, it did not. It is possible that they were not of a type SAST scans for. Further testing should be considered for this reason, but for now the test gets a pass.
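One way to make the "further testing" concrete, as an added example that is not part of this test record: seed the repository with a small canary file containing a pattern the scanner documents as detectable, then fail the pipeline step if the scan report does not flag it. The report shape, the canary path `tests/sast_canary/` and the CWE identifiers below are assumptions; adjust them to the scanner in use.

```python
import json
import sys

# Constructed sample report (not real scanner output). Its shape is an
# assumption: a JSON object with a "vulnerabilities" array.
SAMPLE_REPORT = json.dumps({
    "vulnerabilities": [
        {"location": {"file": "src/app.py", "start_line": 12},
         "severity": "Medium",
         "identifiers": [{"type": "cwe", "value": "CWE-79"}]},
        {"location": {"file": "tests/sast_canary/sqli.py", "start_line": 3},
         "severity": "High",
         "identifiers": [{"type": "cwe", "value": "CWE-89"}]},
    ]
})


def findings_for_path(report_text, path_prefix):
    """Return findings whose file location starts with path_prefix.

    A report that is not JSON or has no "vulnerabilities" key yields no
    findings, so an empty or broken report fails the canary check.
    """
    try:
        report = json.loads(report_text)
    except ValueError:
        return []
    vulns = report.get("vulnerabilities", []) if isinstance(report, dict) else []
    return [v for v in vulns
            if str(v.get("location", {}).get("file", "")).startswith(path_prefix)]


def canary_detected(report_text, canary_dir, expected_cwes):
    """Return (ok, missing); ok is True only if every expected CWE was
    reported for a file under canary_dir."""
    found = {ident.get("value")
             for v in findings_for_path(report_text, canary_dir)
             for ident in v.get("identifiers", [])
             if ident.get("type") == "cwe"}
    missing = sorted(set(expected_cwes) - found)
    return (not missing, missing)


if __name__ == "__main__":
    # Pipeline usage (hypothetical): python check_canary.py sast-report.json
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_REPORT
    ok, missing = canary_detected(text, "tests/sast_canary/", ["CWE-89"])
    print("canary detected" if ok else f"canary NOT detected, missing {missing}")
    sys.exit(0 if ok else 1)
```

A non-zero exit turns a scanner that silently stops finding the canary into a visible pipeline failure rather than a clean dashboard.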

Test Passed