...

Excerpt

30m, Kevin Sandi, fabian rouzaut and Pawel Pawlak

We will share the improvement mechanism we developed as a PoC for ONAP to automatically improve the quality of committed code before it is merged.

...

A focus on code quality significantly reduces threats. Fixing a problem after merge costs more (a 20-50% increase). The lack of an automated SonarCloud scan of new code was explained and demonstrated with the CPS project. As a next step, the SO project will participate in the PoC. As an ultimate goal, all ONAP projects would be covered by this security-by-design approach.

Action Items

  • Work with the PTL community on finalizing the quality gates for new code merges, to be followed by a TSC presentation for implementation approval.
  • Provide feedback to Christophe on duplicated lines (new code vs. existing code): fabian rouzaut