[PUP-7519] Enable rubocop security cop scan on ruby projects
Created: 2017/05/10  Updated: 2018/08/04  Resolved: 2018/08/04

Status: Closed
Project: Puppet
Component/s: None
Affects Version/s: None
Fix Version/s: PUP 6.0.0

Type: Task
Priority: Normal
Reporter: Jayant Sane
Assignee: Jayant Sane
Resolution: Duplicate
Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
duplicates PUP-7834 Change all calls to YAML.load into YA... Closed
Team: Security
Story Points: 2
Sprint: Hopper/Triage, Perf&Sec 2017-05-31, Perf&Sec 2017-06-14
QA Risk Assessment: Needs Assessment


Rubocop is a scanner that checks for a number of violations, including some security-relevant ones.
Although a number of repos were intended to undergo rubocop scans as part of regular CI processes, the tool's configuration file has not been kept up to date. As a result, the scans were getting skipped.

This ticket captures the work needed to revive scans for some high-risk projects. Tentatively, rubocop scans would be enabled on the following repos:

  • puppet
  • marionette-collective

Comment by Jayant Sane [ 2017/05/11 ]

Submitted PR for puppet: https://github.com/puppetlabs/puppet/pull/5855

Generated at Tue Nov 19 15:55:31 PST 2019 using JIRA 7.7.1#77002-sha1:e75ca93d5574d9409c0630b81c894d9065296414.