cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
BookmarkSubscribeRSS Feed
0 Likes

Code Review tool on SAS code

Status: Suggestion Under Review Submitted by Calcite | Level 5 on ‎11-22-2023 06:13 AM
4 Comments (4 New)

Third party tools like Sonar Cloud do not offer SAS code connectors, that means that it is not possible  to review customized SAS code on vulnerabilities and or quality.

To be sure that we deploy and expose secure code it would be beneficial to have a code review tool from SAS. 

 

 

See more ideas labeled with:
4 Comments
SASKiwi
PROC Star
PROC Star
‎11-22-2023 03:12 PM
‎11-22-2023 03:12 PM

Not sure what you mean by secure code in this context. The security of a SAS installation is dictated by its detailed architectural design and security model.  

0 Likes
LinusH
Tourmaline | Level 20
Tourmaline | Level 20
‎11-23-2023 06:45 AM
‎11-23-2023 06:45 AM

Even if I generally agree @SASKiwi , there coulde be risky programming, e.g., issueing OS  commands, hard coded passwords etc.

But it would be  great to have a tool thet could asses both programs/applications and the architecture itself from a security/safety standpoint.

0 Likes
FrankDLL
Calcite | Level 5
Calcite | Level 5
‎11-23-2023 06:53 AM
‎11-23-2023 06:53 AM

This not about the SAS code itself, because I know that is reviewed by SAS internally. This is about the customizations (extensions and modifications) on our side that need to be reviewed (on security issues but also on proper coding).

0 Likes
Alexey_Vodilin
SAS Employee
SAS Employee
‎08-26-2024 06:41 AM
‎08-26-2024 06:41 AM
Status changed to: Suggestion Under Review
 
0 Likes