2020-12-09 03:20

FINOS Code Scans, Checks, Validation - Alloy Studio

Starting this is dependent on https://github.com/finos/alloy/issues/184 completing (i.e., code being uploaded)


  • [x] FINOS Security Vulnerability Check
  • [x] FINOS Legal/License Scans
  • [x] Apply FINOS Project Blueprint


  • 点赞
  • 写回答
  • 关注问题
  • 收藏
  • 复制链接分享
  • 邀请回答


  • weixin_39573781 weixin_39573781 5月前

    Depends on https://github.com/finos/alloy/issues/184 to have completed before this can start.

    点赞 评论 复制链接分享
  • weixin_39573781 weixin_39573781 5月前

    As suggested, I think these items can/should also appear on the FINOS infra kanban.

    点赞 评论 复制链接分享
  • weixin_39678426 weixin_39678426 5月前
    • No Category X license found; check passed.
    • README is missing badges, Roadmap and Contributing sections.
    • Code is clean and in line with FINOS project template.
    • PURE license found, see FOSSology report for more details.
    • No suspicious files or contents, i.e. secrets, swear words. No signs of plagiarism.
    • No CVEs or bugs found; one false positive was addressed via WhiteSource exclusions configuration
    • The file /app/models/metamodels/pure/system/Legal.json contains copies of license and agreement texts for the ISDA CDM(TM) Version 2.0 Development License and for the FINOS Legend Terms of Service. I am currently working with the FINOS team to understand the context of these agreement texts and whether / how they should best be reflected in the repo.

    Validation is passed, but README must be updated, using https://github.com/finos/alloy/tree/build/README.md as template.

    点赞 评论 复制链接分享
  • weixin_39984661 weixin_39984661 5月前

    These should all be resolved now. Please could you confirm and close?

    点赞 评论 复制链接分享
  • weixin_39678426 weixin_39678426 5月前

    Scan is passed, closing issue.

    点赞 评论 复制链接分享