sundaranandhan
Contributor
Contributor

Secure coding Scans for Workflows Written in VMWare vRealize Orchestrator.

Hello All,

Has anyone ever ran secure code scanning tools against a bunch of vRO workflows before ? We are in need for the javascript code to be vetted by one of the scanning software like Coverty or Veracode.  I have tried a few opensource ones from https://owasp.org/www-community/Source_Code_Analysis_Tools# , they don't seem to work. Some of them expect a git repo and some of them needs to be linked to github/bitbucket projects. In our case, it's just a plain vRO, no vRA so no gitlab integration. I could export the workflows as a package, they seem to hide the workflow javascript code in "data" files. So wondering if anyone had to do this before and how you ended up solving this.

Thank you in advance,

Regards,

Sundar

0 Kudos
0 Replies