ADR-0013: Scan the Codebase for Vulnerabilities and Code Smells Regularly
- Status: draft
- Date: 2024-05-12
- Tags: security, static-analysis, quality
Context and Problem Statement
As our software project grows in complexity and scale, the risk of introducing security vulnerabilities and code smells increases. Currently, our codebase lacks a consistent and systematic approach to identifying these issues early in the development cycle, leading to higher maintenance costs and potential security breaches in production.
This ADR is in a draft state, we will update it with a selection of tools and processes to scan the codebase for vulnerabilities and code smells regularly.
Decision Drivers
- TBD
Considered Options
- TBD
Decision Outcome
TBD.
Positive Consequences
- TBD
Negative Consequences
- TBD
ADRs
You can view the ADRs by browsing this following list:
- ADR-0001: Use Log4brains to manage the ADR
- ADR-0002: Use Markdown Architectural Decision Records
- ADR-0003: VSecM Will Be Scoped to Work on Kubernetes Only
- ADR-0004: Be Practically Secure
- ADR-0005: Be Resilient by Default
- ADR-0006: Be Secure by Default
- ADR-0007: Document All Public Methods
- ADR-0008: Have a Minimal and Intuitive API
- ADR-0009: Have at Least 50% Test Coverage Across the Project
- ADR-0010: Keep Non-Public Function in Separate Files from the Public Functions
- ADR-0011: Keep Things Minimal: Do One Thing Well
- ADR-0012: All Files Shall Have a SPDX License Header
- ADR-0013: Scan the Codebase for Vulnerabilities and Code Smells Regularly
- ADR-0014: Get OpenSSF Best Practices Compliance
- ADR-0015: Keep Source Code Line Length Around 80 Characters
- ADR-0016: Centralize Magic Words, Numbers, and Configuration Constants in Common Modules
- ADR-0017: VSecM OIDC Resource Server Shall Be Secure by Default“
- ADR-0018: Use Asciinema for Use Case Examples in the Documentation“