Additional Guidance | VA Software Assurance

Skip to main content

VA Software Assurance

Home
Fortify
CodeQL
- CodeQL Usage
- CodeQL Errors
Snyk
- Snyk Usage
- Snyk Errors
Threat Modeling
Additional Guidance

This site uses Just the Docs, a documentation theme for Jekyll.

These technical notes provide general guidance on code review concerns:

Table of contents

How are SAST scans different than code review
How do I know if my application should be subject to code review
How secure code review is different than exploit development
How to address container manager password management findings
How to know if a database in a container environment should be trusted
How to know if a database should be trusted
How to know if a Redis in-memory data store should be trusted
How to know if configuration files should be trusted
How to know if container configuration data should be trusted
How to know if container environment variables can be trusted
How to know if external input should be trusted
How to know if it is safe to log sensitive information to a file
How to know if it is safe to log sensitive information to a log aggregator
How to Validate a V&V secure code review package
Secure Coding Resources
What are some recommended libraries for securing code
Why do I need to do code review if my environment is secure

GitHub at VA (part of VA OIT)
All content is available under Creative Commons Zero v1.0 Universal, except where otherwise stated.