The CSM services/repositories are inspected for security vulnerabilities via gosec.

Every issue detected by gosec is mapped to a CWE (Common Weakness Enumeration) which describes in more generic terms the vulnerability. The exact mapping can be found at https://github.com/securego/gosec in the issue.go file. The list of rules checked by gosec can be found here.

In addition to this, there are various security checks that get executed against a branch when a pull request is created/updated. Please refer to pull request for more information.

Have you discovered a security vulnerability in this project? We ask you to alert the maintainers by sending an email, describing the issue, impact, and fix - if applicable.

You can reach the CSM maintainers at karavi@dell.com.