Does anyone know if Scriptcase uses code quality scans on their code? I’m using GuardRails in GitHub and there are 210 vulnerabilities in their code. I haven’t created any project code yet. This is just from generated code.
What kind of vulnerabilities?
Hi
A few months ago, I asked SC about code security analysis, but the support team was unable to give me an answer.
Of course. This type of security is not their priority.
You really want me to list out all 210? What matters is they comply with code quality since their product is exposed to the internet in web applications.
No, of course not, and I agree. But as SC is using a lot of third-party software, I’m curious what kind of issues are most severe. Is it because of old libs, or does the generated code have vulnerabilities? And what is the vulnerability level? If you look at https://www.cvedetails.com/vendor/30147/ then there are some, but certainly not 210. Which GuardRails are you using? I looked at GitHub, but it is not clear to me as there are many.
Below is an image of the results. The CVE website is not even close to my results. It shouldn’t matter where the vulnerability lies (lib, etc). It’s up to Scriptcase to make sure the application is protected especially since it’s their code.
Coming from an IT background of 39 years, as a developer I need to protect the integrity of the application. When we dealt with vulnerabilities we started with anything more than a level 3 and worked our way down to the 1’s.
I’m using the free version of GuardRails but that should not matter.

Here are some samples:


