Fix security issues and warnings #6208

Open
stefanCCS opened this issue Aug 30, 2024 · 4 comments
Labels
development fund 2025 A candidate for the Kitodo e.V. development fund.

Comments

@stefanCCS
Collaborator

stefanCCS commented Aug 30, 2024

Description

For KITODO.PRODUCTION the security issues which are reported on the security tab should be removed (in the meaning of "to be solved").
This is a similar task to the one we have already done for KITODO.PRESENTATION (see kitodo/kitodo-presentation#893).

At this moment this issue here is just prepared with the aim of having it available for the next development fund round.
It might be necessary to update this content here when the next round of the development fund is started.

@stefanCCS stefanCCS added the development fund 2024 A candidate for the Kitodo e.V. development fund. label Aug 30, 2024
@stefanCCS
Collaborator Author

@solth: Please consider creating the label "development fund 2025", changing the label on this issue to that (2025), and assigning this new label to the issue type "task for development fund".

@henning-gerhardt
Collaborator

henning-gerhardt commented Aug 30, 2024

For KITODO.PRODUCTION the security issues which are reported on the security tab should be removed.

The link you mentioned is only available to certain persons who have the right to see them. But independent of this link: you can see all the issues if you fork the repository and enable the security scanning from GitHub. The security issues are not solved by removing them from the list; they are only "hidden", still exist, and should be solved instead of ignored. Hiding them until the next round of the development fund and presenting them only then is in my opinion a bad move.

@stweil
Member

stweil commented Aug 30, 2024

Related: #5997. Some issues are reported by both static analyzers.

2024-08-30

GitHub Code Scanning (CodeQL) currently reports 1390 issues, Coverity Scan reports 353 issues.

Codacy reports 95 issues.

2024-09-30

CodeQL reports 1405 issues.

@solth solth added development fund 2025 A candidate for the Kitodo e.V. development fund. and removed development fund 2024 A candidate for the Kitodo e.V. development fund. labels Sep 2, 2024
@stefanCCS
Collaborator Author

For KITODO.PRODUCTION the security issues which are reported on the security tab should be removed.

The link you mentioned is only available to certain persons who have the right to see them. But independent of this link: you can see all the issues if you fork the repository and enable the security scanning from GitHub. The security issues are not solved by removing them from the list; they are only "hidden", still exist, and should be solved instead of ignored. Hiding them until the next round of the development fund and presenting them only then is in my opinion a bad move.

The purpose of this issue here is not intended to "hide" the issue, but to solve these (I have updated the description accordingly).
