mohamedradwan.com - Nothing can beat experience

The steps to run Static Application Security Testing (SAST) using Azure Pipeline

We are going to use Azure DevOps Demo Generator to generate a project to run Static Application Security Testing (SAST) to get detailed information on security vulnerabilities and suggested fixes for quick remediation.

  1. Navigate to DevOps Demo Generator to select the WhiteSource Bolt template.

You can navigate to the created project repos and choose the Readme file to read more about the project.

  2. Navigate to Pipelines and edit the pipeline.
  3. Choose the agent; we need to use Ubuntu latest or any of the Ubuntu agents.
  4. Select NPM Install.
  5. Make sure it has the install command so it can set up NPM.
  6. Select Maven.
  7. Make sure to assign the pom.xml destination.
  8. Select WhiteSource and leave the default values; basically, you should select the Repo/App you want to scan.
  9. Click Save & queue.
  10. Navigate to the pipelines after the build is done and select the WhiteSource CI.
  11. Select MendBolt. This shows the vulnerability risk, which has 3 types: High, Medium and Low. We have HIGH, which means our application is not secure at all.
  12. Select Security Vulnerabilities. Here you can find the fix you should apply to avoid this vulnerability risk.

Also, you can check License risks.
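The same build can be expressed as a YAML pipeline. This is an added example, not part of the original post or the demo template, which uses the classic editor. The `main` trigger branch, the `pom.xml` path placeholder and the `WhiteSource@21` task version are assumptions; use the task version that your installed Mend Bolt extension provides.

```yaml
# Added example: YAML equivalent of the classic-editor steps above.
trigger:
  - main                          # assumption: default branch name

pool:
  vmImage: 'ubuntu-latest'        # the Ubuntu agent chosen in the steps

steps:
  # NPM Install step: the command must be "install" so the Node
  # dependencies are restored before the scan looks at them.
  - task: Npm@1
    displayName: 'npm install'
    inputs:
      command: 'install'
      workingDir: '$(System.DefaultWorkingDirectory)'

  # Maven step: point it at the project's pom.xml.
  - task: Maven@3
    displayName: 'Maven build'
    inputs:
      mavenPomFile: '<path-to>/pom.xml'   # placeholder: set to your repo's pom.xml
      goals: 'package'

  # WhiteSource / Mend Bolt step with default values. It runs last so
  # the dependencies fetched by the npm and Maven steps are already
  # present in the working directory it scans.
  - task: WhiteSource@21          # assumption: version shipped by the installed extension
    displayName: 'Mend Bolt scan'
    inputs:
      cwd: '$(System.DefaultWorkingDirectory)'
```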
