Week 4

(June 21, 2024 - June 27, 2024)

Meeting 1

(June 26, 2024)

Talked about how the differential scans need to work in detail, like:
- Should they be triggered on release only? As it makes sense to scan between two different versions when a new release it being published.
- Or should the user be able to scan between two different versions via any sort of trigger, like on push or commit as well?
Talked about the current implementation of custom keyword functionality, and how it can be extrapolated similarly for different scanners also.
We talked about fleshing out the design and implementation details first, then work on improving speed.

Completed custom keyword functionality. (#PR2769) The details are as follows:
- User can now setup a GH Action or Gitlab CI pipeline and pass environment variables to scan for custom keywords however they want. This gives them immense control over what they wan't to scan.
- Added some validity checks for the keyword.conf file as during testing, I found out that the scanner breaks if an invalid file is passed to it.
- Set up a test docker image (rjknightmare/fo-ci-test:latest) for testing. Here are the test results for the same:
  - GH Actions:
  - Gitlab CI:
Set up qemu emulator for the Github Actions environment to provide multiple architecture support, which also reduced the time for action execution significantly.
Studied about how we can implement differential (between two different versions) scans and explored these use cases:
- Use Case I: On release
- Use Case II: On push, commit or any other event trigger.

Study further on above use cases and work out a plan for the same.
Explore the GH Actions and Gitlab API's and use the best endpoints for our use cases.
Then start working on implementation of differential scans.