Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Integration candidate: 2021-03-05 #838

Merged
merged 3 commits into from
Mar 5, 2021
Merged

Integration candidate: 2021-03-05 #838

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
3 commits
Select commit Hold shift + click to select a range
8d13983
Fix #836, Add Testing Tools to the Security Policy
arielswalker Mar 5, 2021
716790b
Merge remote-tracking branch 'ariel/SecurityPolicy' into ic-20210305
skliper Mar 5, 2021
ead5723
IC-20210305, Update readme and version
skliper Mar 5, 2021
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
7 changes: 5 additions & 2 deletions README.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -11,6 +11,11 @@ The autogenerated OSAL user's guide can be viewed at <https://github.com/nasa/cF

## Version History

### Development Build: v5.1.0-rc1+dev297

- Fix #836, Add Testing Tools to the Security Policy
- See <https://github.com/nasa/osal/pull/838>

### Development Build: v5.1.0-rc1+dev293

- Avoids various "possible uninitialized variable" warnings for routines that utilize this API.
Expand All @@ -25,8 +30,6 @@ The autogenerated OSAL user's guide can be viewed at <https://github.com/nasa/cF
Adds `osapi-version.c` to implement these 3 calls and associated coverage test. This allows the version.c file to be auto-generated in the future.
- See <https://github.com/nasa/osal/pull/835>



### Development Build: v5.1.0-rc1+dev280

- Makes tests skip after getting their first not implemented error.
Expand Down
32 changes: 29 additions & 3 deletions SECURITY.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -4,12 +4,38 @@

To report a vulnerability for the OSAL subsystem please [submit an issue](https://github.com/nasa/osal/issues/new/choose).

For general cFS vulnerabilities please [open a cFS framework issue](https://github.com/nasa/cfs/issues/new/choose) and see our [top-level security policy](https://github.com/nasa/cFS/security/policy).
For general cFS vulnerabilities please [open a cFS framework issue](https://github.com/nasa/cfs/issues/new/choose) and see our [top-level security policy](https://github.com/nasa/cFS/security/policy) for additional information.

In either case please use the "Bug Report" template and provide as much information as possible. Apply appropraite labels for each report. For security related reports, tag the issue with the "security" label.

## Testing

**Disclaimer: nasa/OSAL is not responsible for any liability incurred under the [Apache License 2.0](https://github.com/nasa/osal/blob/main/LICENSE).**

Testing is an important aspect our team values to improve OSAL.

To view tools used for the cFS bundle, see our [top-level security policy](https://github.com/nasa/cFS/security/policy).

### CodeQL

The [OSAL CodeQL GitHub Actions workflow](https://github.com/nasa/osal/actions/workflows/codeql-build.yml) is available to the public. To review the results, fork the OSAL repository and run the CodeQL workflow.

CodeQL is ran for every push and pull-request on all branches of OSAL in GitHub Actions.

For the CodeQL GitHub Actions setup, visit https://github.com/github/codeql-action.

### Cppcheck

The [OSAL Cppcheck GitHub Actions workflow and results](https://github.com/nasa/osal/actions/workflows/static-analysis.yml) are available to the public. To view the results, select a workflow and download the artifacts.

Cppcheck is ran for every push on the main branch and every pull request on all branches of OSAL in Github Actions.

For more information about Cppcheck, visit http:https://cppcheck.sourceforge.net/.

## Additional Support

For additional support, email us at [email protected]. For help using OSAL and cFS, [subscribe to our mailing list](https://lists.nasa.gov/mailman/listinfo/cfs-community) that includes all the community members/users of the NASA core Flight Software (cFS) product line. The mailing list is used to communicate any information related to the cFS product such as current releases, bug findings and fixes, enhancement requests, community meeting notifications, sending out meeting minutes, etc.
For additional support, submit a GitHub issue. You can also email the cfs community at [email protected].

You can subscribe to the mailing list [here](https://lists.nasa.gov/mailman/listinfo/cfs-community) that includes all the community members/users of the NASA core Flight Software (cFS) product line. The mailing list is used to communicate any information related to the cFS product such as current releases, bug findings and fixes, enhancement requests, community meeting notifications, sending out meeting minutes, etc.

If you wish to report a cybersecurity incident or concern please contact the NASA Security Operations Center either by phone at 1-877-627-2732 or via email address [email protected].
If you wish to report a cybersecurity incident or concern, please contact the NASA Security Operations Center either by phone at 1-877-627-2732 or via email address [email protected].
2 changes: 1 addition & 1 deletion src/os/inc/osapi-version.h
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -32,7 +32,7 @@
/*
* Development Build Macro Definitions
*/
#define OS_BUILD_NUMBER 293
#define OS_BUILD_NUMBER 297
#define OS_BUILD_BASELINE "v5.1.0-rc1"

/*
Expand Down