Hello All,
Has anyone ever run secure code scanning tools against a bunch of vRO workflows before? We are in need of the JavaScript code to be vetted by one of the scanning software like Coverity or Veracode. I have tried a few open-source ones from https://owasp.org/www-community/Source_Code_Analysis_Tools# , they don't seem to work. Some of them expect a git repo and some of them need to be linked to GitHub/Bitbucket projects. In our case, it's just a plain vRO, no vRA, so no GitLab integration. I could export the workflows as a package, but they seem to hide the workflow JavaScript code in "data" files. So I'm wondering if anyone has had to do this before and how you ended up solving this.
Thank you in advance,
Regards,
Sundar
I have the same need right now, did you find a solution? Thanks in advance.
Hello,
We didn't find any workable solution for scanning the workflow code itself. Instead we ended up scanning ONLY the underlying vRO plugin Java code.
Regards
Sundar.
I don't know how much this will be of help, but try using vRODoc to convert your vRO actions (not WFs) to pure JS code and scan it afterwards. No vRA or Git required. Code gets saved locally. A tutorial is available here (https://bit.ly/vRODoc) and the code is available here: https://github.com/imtrinity94/vRODoc.
Challenge is definitely to move your code from WFs to Actions.