Posted: 2 Nov 2019 2:38 EDT Last activity: 2 Nov 2019 2:38 EDT
Java Code Scanning
In the internal security context, we normally scan our internally developed code for security vulnerabilities. For this purpose, we use 3rd party commercial software that normally needs to compile a piece of code to be able to generate a security report for it.
These tools recognize standard programming languages used in the market (Java, C++, Python, …).
We were wondering, since Pega is based on the Java language, is it possible to compile our Pega internal development with a “Java style” instruction, to be able to analyze it later?
In other words, we need a Java compilation instruction (mvn command) so we scan the code on the fly. Is that possible? If not, can you please suggest an alternative solution to scan our internal code line regularly, as the system is exposed to the internet?