Questions tagged [code-auditing]

A software code audit is a comprehensive analysis of source code in a programming project with the intent of discovering bugs, security breaches or violations of programming conventions.

8 questions
2 votes, 1 answer

Can code audits be considered static analysis?

When people talk about static analysis, they usually talk about quality metrics and programming conventions. And seems that code auditing is something apart, since what it finds are bugs and security breaches. When, in theory, both are static…
Julen
2 votes, 1 answer

Code Audit for Android/iOS

I have just been given a task at work to help audit a code base for a mobile app. I am not a mobile app programmer, although I've been a software developer for many years now, but know nothing about mobile apps. I was wondering if there's any tips…
zapatilla
1 vote, 0 answers

gosec unable to locate importing dir

I'm having a bit of trouble running gosec with my current setup, both inside my local development machine and GitHub Actions. Every time it ran this command gosec aminogo/*.go it gives the same set of errors Golang errors in file:…
Felix Fong
0 votes, 0 answers

How can someone verify that the app we publish is indeed made from the reviewed source code?

We are planning to release an email privacy software and make the source code available for peer review. How can a reviewer be certain that the app we publish is made from the source code that he reviews? Even if the reviewer spent several days…
Veet Vivarto
0 votes, 2 answers

COMMITTING_TOP_LEVEL_VALUES_NOT_SUPPORTED: Javers exception, springboot and mongodb

I am using javers in my spring boot with Mongodb; when updating or deleting I get the error COMMITTING_TOP_LEVEL_VALUES_NOT_SUPPORTED: Committing top-level ValueTypes like 'String' is not supported. You can commit only Entity or ValueObject…
0 votes, 0 answers

Connection String Parameter Pollution Issue on Code Audit

I am developing an ASP.Net Web Forms application. A code audit was done by an external team, and the resulting document shows Connection String Parameter Pollution in the data access code. The connection string is as follows.
0 votes, 1 answer

SQL Code Push, Tracking and Auditing

Just a bit of background on where my question is coming from: my company has multiple databases across the globe that use the same schema, and one of my department's responsibilities is to monitor and make sure all these DBs are in sync from a schema…
EkeshOkor
0 votes, 5 answers

Preventing worst practices in Java, the hard way

Given that the concept of "best" and "worst" practices can be different in different environments, our company introduced a standard set of internal "best" practices that are continuously violated by our developers. I want to share two in…
usr-local-ΕΨΗΕΛΩΝ