Has anybody used the Sonatype Insight-Application Health Checker ? It requires you to scan your application ( war, jar, zip etc ) and then uploads its findings onto the Sonatype Insight Server. After this, you get the report via the email which also contains an online link to the interactive report.
The problem that i find with this approach is that my application composition details get uploaded to a remote server ( outside my organizational control ) and then the report gets published at an online link which can be accessed by anyone. I do not want this. Is there a way to generate this report without uploading the details to the 'remote server' ?
But the bigger question is, are application owners and organizations ready to share their application composition details to a server outside their reach while performing IP audits on their applications ?
Please let me know what the general pereception about this is ?
Generally, if you're only sending meta-data about your open source usage - that's not sensitive information.
If you have privacy issues, you can also check out White Source software that provide similar service on cloud.
lots of people use the system to generate a quick and easy manifest of their application based on open source component use. If you a are concerned about anyone else theoretically knowing what open source components you are using, then you may be interested in our on-premises version of this tool for enterprises.
Related
I want to share my crashlytics crash report to some 3rd parties.
How can I get a publicly accessible url like below?
http://crashes.to/s/419b5b28766
I am bit new here, is it a old deprecated crashlytics feature?
I don't seem to find in my fabric crashlytics dashboard.
Zubair - from Fabric/Firebase. Great question. We deprecated that share link feature, so those won’t be accessible anymore. The decision to drop support for it was based on customer feedback, and because we don’t plan to carry over the share links feature over to Firebase.
Definitely not ideal if you were using that feature a lot, but as a workaround I recommend downloading the stacktrace and issue details with the "Download .txt" file button and sharing that instead.
Downloading the stacktrace and issue details with the "Download .txt" file button was part of the Fabric.io. In Google Firebase, using the BigQuery is the best way to get that data. To to that make sure, you have enabled the BQ Integration under Project Settings > Integrations > BigQuery
I'm new to ZAP tool so sorry in advance if question is stupid, but I cannot find answer on it so far...
I have to fix all the vulnerabilities in some application, so I installed ZAP proxy tool locally, then explored application manually, collected all the requests and ran 'Active scanner' against it. So far everything is good, but the problem is that application quite big and it's very difficult and time consuming to cover everything manually. Fortunately we have dedicated automation environment where I can setup ZAP proxy and let test's go and populate context (set of url's for test) for me
So now my task is somehow share context's between different environments with ability to change base addresses
e.g. I populated context on somedomain/myapp and want run ZAP tool against same application deployed locally, or in different server (e.g. localhost/myapp)
It would be very helpful if someone could share any info how to achieve that.
Thank you in advance,
Eugene
It seems that you can create new context and then add existing links to that context.
Craete a new context
Add existing link to the selected content (right click)
Check this link.
https://chrisdecairos.ca/intercepting-traffic-with-zaproxy/
Tiago
Dashboard designer error:
The url is not available,does not reference a sharepoint site, or you
do not have permission to connect
This is happening to the site collections under one web application only in the whole Farm. Other web applications are working fine and I can open site collections through dashboard designer.
Any suggestions????
Unattended acc is all set, Site feature is activated, site collection is added to trusted location. On database side, app pool acc has db owner access to web app db. PPS is db owner there as well.
I think this indicates to a deployment issue on this app. Maybe something went wrong when deploying webparts, the assemblies couldnt be registered or were not copied correctly. It could also be a specific access restriction issue in SharePoint or in the file system that SharePoint relies on.
Without any log information it is hard to say what is really the problem - but - have a look at windows event log for any further indications, the general log files that sharepoint/asp.net write or also consider using monitoring tools that can tell you more details on what is happening here.
I recently wrote a blog on top deployment mistakes in SharePoint. I highlight exactly these deployment mistakes in more details: Link
Andi
We have multiple clients using our service.
Each client may create multiple projects.
Each client may upload multiple files to any of his projects.
Each file may have custom meta data associated.
Each client may "share" any of the projects to another client.
Each client may comment any of his or shared projects/files.
My question is about file storing in a cloud. What will best solution? I thought about Amazon S3 but maybe there are better alternatives?
You can explore Box.com solution. They are an advanced file management solution in the cloud and support fine-grained permission management as you explained above. Dropbox for Teams is also another option - The permission model is not as extensive as Box, but the sync client is very stable here. In one of my recent projects, I used box.com mainly due to their fine-grained permission controls
You can also build this on S3 (Dropbox and I guess Box too is behind the scenes built on S3). To achieve all the functionality as you mentioned, it is quite some programming work !
I want to read the content of a text file (serves as a key) stored inside a USB mass storage automatically when the user is authenticated by his matching username and password for that website. It's like the textfile(key) is the extended authentication.
I think this needs to can be done by a (1) native program? or an (2) applet? What do i need to study? Can someone give me an overview for the process to make this possible?
Quite good in web tech but not with native app.
You cannot access USB mass storage devices through chrome.usb as they are claimed and handled by the host operating system.
Instead you could use the chrome.fileSystem API, but the user will need to select the file. Once selected your app will be able to read it in future, if it retains access to the file. See the API documentation for more details.
If you want this only for Internet Explorer, You can create an Active X. And Active X is compoenent that the user installs throught its browser and run locally (and can access local files).
Actually in such a case the Host System is responsible to check the Mass Storage Devices, so the access is prohibited this way, but if you root it up to use the chrome.fileSystem.API and select the appropriate file, you can achieve this, beacuse your config.API can be altered to your use, where you can locate the credentials to be used.(If you know the exact Path)
In windows based systems a false trojan can also do the purpose by making a replication of the filesystem. Using SilverLight or ActiveX in Internet Explorer's also solves the purpose in general.
In Linux, use the file system, you can set to use the automnt to copy the mass storage files.
Why not try building a .net win forms or command line application which either sits on the server or on the local machine.
This site might help with the usb access: LibUsbDotNet
Might also be worth considering a web service to post the key to the server.
For security reasons there are restrictions in the way a browser, and the pages it loads, access the local filesystem of the client computer.
Is it safe to assume you only require this to work on a specific browser? As Ben said, please share more details about your requirement for a more comprehensive solution