BookmarkSubscribeRSS Feed
0 Likes

Third party tools like Sonar Cloud do not offer SAS code connectors, that means that it is not possible  to review customized SAS code on vulnerabilities and or quality.

To be sure that we deploy and expose secure code it would be beneficial to have a code review tool from SAS. 

 

 

4 Comments
SASKiwi
PROC Star

Not sure what you mean by secure code in this context. The security of a SAS installation is dictated by its detailed architectural design and security model.  

LinusH
Tourmaline | Level 20

Even if I generally agree @SASKiwi , there coulde be risky programming, e.g., issueing OS  commands, hard coded passwords etc.

But it would be  great to have a tool thet could asses both programs/applications and the architecture itself from a security/safety standpoint.

FrankDLL
Calcite | Level 5

This not about the SAS code itself, because I know that is reviewed by SAS internally. This is about the customizations (extensions and modifications) on our side that need to be reviewed (on security issues but also on proper coding).

Alexey_Vodilin
SAS Employee
Status changed to: Suggestion Under Review