@@ -92,6 +92,34 @@ pytest -m enterprise --enterprise-uri "https://test-api.lifecyclesolutions.ni.co
9292It is important to note that depending on the terminal you are using,
9393you may need to escape special characters in the API key.
9494
95+ ## Security scanning with Snyk
96+
97+ This repository uses [ Snyk] ( https://snyk.io/ ) for security scanning to identify and
98+ fix vulnerabilities in code before they reach production. Snyk provides Static
99+ Application Security Testing (SAST) that scans your code for security issues as
100+ you develop.
101+
102+ - ** IDE integration** : Install the Snyk extension for
103+ [ Visual Studio Code] ( https://marketplace.visualstudio.com/items?itemName=snyk-security.snyk-vulnerability-scanner )
104+ or
105+ [ Visual Studio] ( https://marketplace.visualstudio.com/items?itemName=snyk-security.snyk-vulnerability-scanner-vs-2022 )
106+ to get real-time security feedback while writing code. To suggest the Snyk
107+ extension to contributors, add ` .vscode/extensions.json ` or ` .vsconfig ` files
108+ to your project root. The VSCode Snyk extension has a richer feature set and
109+ is the preferred IDE for working with Snyk.
110+ - ** Pull request scanning** : Snyk automatically scans PRs and posts comments for
111+ high/critical vulnerabilities.
112+ - ** Post-merge monitoring** : Automated bugs are created for unresolved issues
113+ after code is merged.
114+
115+ ** Contributors within NI/Emerson** : For detailed guidance on working with Snyk,
116+ including how to address security issues and create ignore records, see the
117+ [ Snyk reference] ( https://dev.azure.com/ni/DevCentral/_wiki/wikis/Stratus/146862/Snyk-reference ) .
118+
119+ ** Contributors outside of NI/Emerson** : If you are having issues resolving a
120+ vulnerability Snyk identifies on your PR, consult with a code owner to understand
121+ your options for resolution.
122+
95123## Developer Certificate of Origin (DCO)
96124
97125 Developer's Certificate of Origin 1.1
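Review bot: the "Post-merge monitoring" bullet says automated bugs are created for unresolved issues but does not say where they are filed or who is notified, so an external contributor cannot tell whether a finding on their merged change will reach them; state the tracker (or that only NI/Emerson owners receive them) alongside the existing "Contributors outside of NI/Emerson" paragraph. Two smaller points in the "IDE integration" bullet: "The VSCode Snyk extension ... is the preferred IDE" conflates the extension with the editor, so rewrite as "VS Code is the preferred IDE, as its Snyk extension has a richer feature set"; and rather than telling readers to "add `.vscode/extensions.json` or `.vsconfig` files to your project root", commit a `.vscode/extensions.json` listing `snyk-security.snyk-vulnerability-scanner` in this repository so the recommendation is applied once for every contributor.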