Hi James,

Disclosure: I am a Staff Scientist at ShiftLeft Inc. I was also a Fedora packager and design contributor until a few years back, so it is super exciting to see ShiftLeft's name in the short-list!

I would recommend you try to use the open source tool called ShiftLeft Scan (https://slscan.io) on a few projects and see how it works for you. It is fast, open source, completely on-prem, can even be integrated within VSCode as an extension or be installed as Docker/AppImage. We also provide free public usage of a limited version of our ShiftLeft NG-SAST (a SaaS-based scan service), which is much more targeted and advanced.

Let me know if you need help/feedback on how to integrate them in your workflow.

--
Suchakra
_______________________________________________
infrastructure mailing list -- infrastructure@xxxxxxxxxxxxxxxxxxxxxxx