Skip to content

Add Division of Responsibility section to readme

Craig Smith requested to merge craigmsmith-define-division-of-responsibilities into main

What does this MR do?

To clear up any confusion as to what team is responsible for what section of SAST rules, this MR adds a short description of the sast rule projection sections of functionality and which team is directly responsible for them

What are the relevant issue numbers?

Does this MR meet the acceptance criteria?

  • The test cases cover both positive and negative cases and are also annotated with appropriate semgrep annotations:
    • For positive cases: // ruleid: ...
    • For negative cases: // ok: ....
  • Following metadata fields exist for the rule(s) added/updated in this MR:
    • owasp with both 2017 and 2021 mappings.
    • category: "security"
    • cwe
    • shortDescription
    • security-severity
  • The message field is valid and contains a secure code example.
  • Applicable license is mentioned in the rule if embedded/taken from external source.
  • Relevant labels including workflow labels are appropriately selected.

Merge request reports