security development/testing tools for EdgeX?


Zeng, Tingyu <tingyu.zeng@...>
 

David & Riaz,

 

As we are getting close to identify the security features of EdgeX, we have covered KONG/Traeffic etc as reverse proxy, HashiCorp Vault for local secret protection etc, however it seems  security testing is something that hasn’t been brought out for discussion.

 

I am thinking some testing tools list here that may benefit the product, such as

-          Static code analysis ( VeraCode etc)

-          Pen testing suite (Metasploit, Nessus)

-          Container security ( Twistlock etc.)

 

what are your opinions regarding security tools that may benefit the development and testing in a big scope?

 

 

Thanks,

Tingyu

Join EdgeX-TSC-Security@lists.edgexfoundry.org to automatically receive all group messages.