{"id":17383253,"url":"https://github.com/priv-kweihmann/meta-sca","last_synced_at":"2026-01-03T10:05:09.882Z","repository":{"id":37790191,"uuid":"167209363","full_name":"priv-kweihmann/meta-sca","owner":"priv-kweihmann","description":"Layer for static code analysis and security hardening","archived":false,"fork":false,"pushed_at":"2025-03-29T06:55:51.000Z","size":869624,"stargazers_count":95,"open_issues_count":27,"forks_count":36,"subscribers_count":4,"default_branch":"master","last_synced_at":"2025-03-29T07:07:25.717Z","etag":null,"topics":["bitbake","c","cxx","defense-in-depth","embedded-linux","go","jenkins","linter","linux","perl","poky","python","security-hardening","shellscript","static-code-analysis","yocto"],"latest_commit_sha":null,"homepage":"","language":"BitBake","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"other","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/priv-kweihmann.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":"SECURITY.md","support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2019-01-23T15:51:28.000Z","updated_at":"2025-03-29T06:55:54.000Z","dependencies_parsed_at":"2023-02-17T15:15:48.070Z","dependency_job_id":"c5fc3dd0-6aa1-4cd4-86da-4128ca8dbea3","html_url":"https://github.com/priv-kweihmann/meta-sca","commit_stats":{"total_commits":14158,"total_committers":12,"mean_commits":"1179.8333333333333","dds":0.002542732024297223,"last_synced_commit":"cdbb698b33d2c966e035d89495acd96d931f75a8"},"previous_names":[],"tags_count":146,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/priv-kweihmann%2Fmeta-sca","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/priv-kweihmann%2Fmeta-sca/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/priv-kweihmann%2Fmeta-sca/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/priv-kweihmann%2Fmeta-sca/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/priv-kweihmann","download_url":"https://codeload.github.com/priv-kweihmann/meta-sca/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":247305934,"owners_count":20917208,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["bitbake","c","cxx","defense-in-depth","embedded-linux","go","jenkins","linter","linux","perl","poky","python","security-hardening","shellscript","static-code-analysis","yocto"],"created_at":"2024-10-16T07:41:04.793Z","updated_at":"2026-01-03T10:05:09.877Z","avatar_url":"https://github.com/priv-kweihmann.png","language":"BitBake","funding_links":[],"categories":[],"sub_categories":[],"readme":"# meta-sca \u003c!-- omit in toc --\u003e\n\n![https://img.shields.io/badge/Supported%20languages-C%2CC%2B%2B%2CGo%2CPython%2CShell%%2Cperl-informational](https://img.shields.io/badge/Supported%20languages-C%2CC%2B%2B%2CGo%2CPython%2CShell%2Cperl-informational)\n\n[![Nightly](https://github.com/priv-kweihmann/meta-sca/actions/workflows/nightly_master.yml/badge.svg)](https://github.com/priv-kweihmann/meta-sca/actions/workflows/nightly_master.yml)\n[![Latest commit](https://github.com/priv-kweihmann/meta-sca/actions/workflows/push_master.yml/badge.svg)](https://github.com/priv-kweihmann/meta-sca/actions/workflows/push_master.yml)\n\nFor the list of current findings from pipelines see [meta-sca report](https://priv-kweihmann.github.io/)\n\n## Important note \u003c!-- omit in toc --\u003e\n\nAs announced by [this discussion](https://github.com/priv-kweihmann/meta-sca/discussions/8723) at the end of April 2022 this layer will undergo a major change in support.\n\nSupport will be given only for `master` branch\n\n### What can I do when I'm affected by the changes\n\nA maintainers guide can be found [here](docs/maintainer_guide.md).\nFeel free to raise pull requests against not officially supported branches.\n\nSupport for these branches, including quality control, has to be done fully by the community\n\n## Table of content \u003c!-- omit in toc --\u003e\n\n- [Purpose](#purpose)\n- [Getting started](#getting-started)\n- [Installation](#installation)\n  - [Prerequisites](#prerequisites)\n  - [Use of containers](#use-of-containers)\n  - [Use in CI](#use-in-ci)\n  - [Setup](#setup)\n  - [Kas](#kas)\n- [Web monitor](#web-monitor)\n- [Support](#support)\n  - [Releases](#releases)\n  - [Compatibility](#compatibility)\n- [Licensing](#licensing)\n- [Zero impact](#zero-impact)\n- [Available tools](#available-tools)\n  - [Overview of tools](#overview-of-tools)\n- [Further documentation](#further-documentation)\n- [Contributing](#contributing)\n  - [Get involved](#get-involved)\n  - [Security Policy](#security-policy)\n\n## Purpose\n\nPurpose of this layer is to provide a proper set of static analysis tools for your YOCTO build.\nAll provided tools can be easily configured and integrated into any CI service (like e.g. Jenkins).\n\nAll results are stored to __SCA_EXPORT_DIR__ (which defaults to __${DEPLOY_DIR_IMAGE}/sca__). The results will be stored in the raw-format of the corresponding tool and in checkstyle-format.\n\n## Getting started\n\nFor a quick start how to use this layer see [getting started guide](docs/getting_started.md)\n\nYou can also watch the following talk\n\n[![Watch the video](https://img.youtube.com/vi/41XtNkwi6cc/default.jpg)](https://youtu.be/41XtNkwi6cc)\n\nI gave for YS2023.11 to get started.\n\n## Installation\n\nTo install clone the needed branch(es) to any path on your local system.\n\n### Prerequisites\n\n- You need the current standard [__poky__-layer](https://git.yoctoproject.org/cgit/cgit.cgi/poky/) installed onto your local build environment.\n\n### Use of containers\n\nIt is recommended to use `privkweihmann/yocto-sca-minimal:2004` docker container for building, which has all necessary requirements already installed.\n\n### Use in CI\n\nWhen you're planing to use meta-sca in your CI/CD, it is advised to use the minified layer [meta-sca-minified](https://github.com/priv-kweihmann/meta-sca-minified) to save you from cloning this fairly large repository.\n\n**NOTE** [meta-sca-minified](https://github.com/priv-kweihmann/meta-sca-minified) only offer releases of this layer for releases made after 03/2020\n\n### Setup\n\nIn your __bblayers.conf__-file add the following line\n\n``` shell\nBBLAYERS += \"\u003cfull path to sca-layer\u003e/meta-sca\"\n```\n\nor with poky layer already setup run in shell\n\n```shell\nbitbake-layers add-layer \"\u003cfull path to sca-layer\u003e/meta-sca\"\n```\n\n### Kas\n\nAlternatively you can use [kas](https://kas.readthedocs.io) to setup the workspace.\nUse `conf/kas/scatest-qemux86-64.yaml` from this layer\n\n## Web monitor\n\nIf you're not quite convinced what this layer can do for you, have a look at the [web monitor](https://priv-kweihmann.github.io/), where all findings from the layer CI pipelines are publically available.\n\n## Support\n\nActively maintained branch is currently only `master`.\nUnmaintained branches will only receive package updates on demand.\nSupport for unmaintained branches has to be done by the community.\n\nStatus of the branches is described at [SECURITY.md](SECURITY.md).\n\nIt's advised to use the tagged source versions in productive environment.\n\n### Releases\n\nSee [SECURITY.md](SECURITY.md) for details\n\n### Compatibility\n\nIf there is a technical issue that might break backward compatibility it will be mentioned in release note of the corresponding milestone release.\n\n## Licensing\n\nThis layer does only provide open source tools.\nThe layer itself is licensed under BSD.\n\nIf individual files are licensed under different terms, terms and conditions\ncan be found in the individual file header\n\n## Zero impact\n\nThis layer provides only **-native** tools, so actually none of the build binaries will be deployed to your target.\nEverything happens on the build machine.\n\n## Available tools\n\nThe layer can check on a recipe-level or on an image-level.\n\n- On image-level the whole root-filesystem could be taken into account, which in most cases can't be granted on a recipe-level.\n- On the other hand some static code analysis does not make any sense on an image-level - so this layer does have different tools for both level available.\n\n### Overview of tools\n\n| Module          | Description                                   | Homepage                                                              | Requires      | Requires inet | Run on image | Run on recipe | Available in SDK | C   | C++ | Python | Shell | Javascript | PHP | Go  | Images | LUA | Spelling | Metrics | Binaries | Packages | Other formats | Security scope | Functional scope | Style scope |\n| --------------- | --------------------------------------------- | --------------------------------------------------------------------- | ------------- | ------------- | ------------ | ------------- | ---------------- | --- | --- | ------ | ----- | ---------- | --- | --- | ------ | --- | -------- | ------- | -------- | -------- | ------------- | -------------- | ---------------- | ----------- |\n| bandit          | Scan python code for insecurities             | https://github.com/PyCQA/bandit                                       |               |               | x            | x             | x                |     |     | x      |       |            |     |     |        |     |          |         |          |          |               | x              |                  |             |\n| bashate         | Shell script linter                           | http://docs.openstack.org/developer/bashate/                          |               |               | x            | x             | x                |     |     |        | x     |            |     |     |        |     |          |         |          |          |               |                | x                | x           |\n| bitbake         | Bitbake issue handling                        |                                                                       |               |               | x            | x             |                  |     |     |        |       |            |     |     |        |     |          |         |          | x        |               |                | x                | x           |\n| cbmc            | C Bounded Model Checker                       | https://github.com/diffblue/cbmc/                                     |               | x             |              | x             |                  | x   |     |        |       |            |     |     |        |     |          |         |          |          |               |                | x                |             |\n| checkbashisms   | Shell script linter                           | https://manpages.debian.org/jessie/devscripts/checkbashisms.1.en.html |               |               | x            | x             | x                |     |     |        | x     |            |     |     |        |     |          |         |          |          |               |                | x                | x           |\n| cmake           | Get cmake errors and warnings                 |                                                                       |               |               |              | x             |                  | x   | x   |        |       |            |     |     |        |     |          |         |          |          |               |                | x                |             |\n| cppcheck        | C/C++ linter                                  | https://github.com/danmar/cppcheck                                    |               |               |              | x             | x                | x   | x   |        |       |            |     |     |        |     |          |         |          |          |               | x              | x                | x           |\n| cpplint         | C/C++ linter                                  | https://github.com/cpplint/cpplint                                    |               |               |              | x             | x                | x   | x   |        |       |            |     |     |        |     |          |         |          |          |               | x              | x                | x           |\n| cvecheck        | Check for unpatched CVEs                      | https://github.com/clearlinux/cve-check-tool                          | manual enable | x             |              | x             |                  |     |     |        |       |            |     |     |        |     |          |         |          | x        |               | x              |                  |             |\n| darglint        | Python docstring linter                       | https://github.com/terrencepreilly/darglint                           |               |               |              | x             | x                |     |     | x      |       |            |     |     |        |     |          |         |          |          |               |                |                  | x           |\n| dennis          | I18N linter                                   | https://github.com/willkg/dennis/                                     |               |               |              | x             | x                |     |     |        |       |            |     |     |        |     |          |         |          |          | x             |                | x                | x           |\n| detectsecrets   | Detect hardcoded secrets in code              | https://github.com/Yelp/detect-secrets                                |               |               | x            | x             | x                |     |     |        |       |            |     |     |        |     |          |         |          | x        |               | x              | x                |             |\n| flake8          | Python linter                                 | http://flake8.pycqa.org/en/latest/                                    |               |               | x            | x             | x                |     |     | x      |       |            |     |     |        |     |          |         |          |          |               |                | x                | x           |\n| flawfinder      | C/C++ security linter                         | https://github.com/david-a-wheeler/flawfinder                         |               |               |              | x             | x                | x   | x   |        |       |            |     |     |        |     |          |         |          |          |               | x              |                  |             |\n| flint           | C/C++ linter                                  | https://github.com/JossWhittle/FlintPlusPlus                          |               |               |              | x             | x                | x   | x   |        |       |            |     |     |        |     |          |         |          |          |               |                | x                |             |\n| gcc             | GCC compiler issues and hardening             |                                                                       |               |               |              | x             |                  | x   | x   |        |       |            |     |     |        |     |          |         |          |          |               | x              | x                |             |\n| golint          | GO linter                                     | https://github.com/golang/lint                                        |               |               |              | x             | x                |     |     |        |       |            |     | x   |        |     |          |         |          |          |               |                |                  | x           |\n| it              | Python linter                                 | https://github.com/thg-consulting/it                                  |               |               |              | x             | x                |     |     | x      |       |            |     |     |        |     |          |         |          |          |               |                | x                |             |\n| jsonlint        | JSON file linter                              |                                                                       |               |               | x            | x             | x                |     |     |        |       |            |     |     |        |     |          |         |          |          | x             |                | x                |             |\n| kconfighard     | Kernel config hardening checker               | https://github.com/a13xp0p0v/kconfig-hardened-check                   |               |               |              | x             | x                |     |     |        |       |            |     |     |        |     |          |         |          |          | x             | x              |                  |             |\n| licensecheck    | Scan code for license information             | https://github.com/boyter/lc                                          |               |               |              | x             |                  |     |     |        |       |            |     |     |        |     |          |         |          |          | x             | x              |                  |             |\n| looong          | Find functions with too long arglists         | https://github.com/anapaulagomes/looong                               |               |               |              | x             | x                |     |     | x      |       |            |     |     |        |     |          |         |          |          |               |                |                  | x           |\n| msgcheck        | I18n linter                                   | https://github.com/codingjoe/msgcheck                                 |               |               |              | x             | x                |     |     |        |       |            |     |     |        |     |          |         |          |          | x             |                |                  | x           |\n| multimetric     | Coding metrics                                | https://github.com/priv-kweihmann/multimetric                         | manual enable |               | x            | x             | x                | x   | x   | x      |       | x          | x   | x   |        | x   |          | x       |          |          |               |                |                  | x           |\n| mypy            | Python linter                                 | https://github.com/python/mypy                                        |               |               | x            | x             | x                |     |     | x      |       |            |     |     |        |     |          |         |          |          |               |                | x                |             |\n| oelint          | Bitbake recipe linter                         | https://github.com/priv-kweihmann/oelint-adv                          |               |               | x            | x             |                  |     |     |        |       |            |     |     |        |     |          |         |          |          | x             |                |                  | x           |\n| perl            | Perl warnings check                           |                                                                       |               |               |              | x             | x                |     |     |        |       |            |     |     |        |     |          |         |          |          | x             |                | x                |             |\n| perlcritic      | Perl linter                                   | https://metacpan.org/pod/perlcritic                                   |               |               |              | x             | x                |     |     |        |       |            |     |     |        |     |          |         |          |          | x             |                | x                |             |\n| pkgqaenc        | Enhanced package QA                           |                                                                       |               |               |              | x             |                  |     |     |        |       |            |     |     |        |     |          |         |          | x        |               | x              |                  |             |\n| pscan           | Find insecure printfs                         | http://deployingradius.com/pscan/                                     |               |               |              | x             | x                | x   |     |        |       |            |     |     |        |     |          |         |          |          |               |                | x                |             |\n| pylint          | Python linter                                 | https://github.com/PyCQA/pylint                                       |               |               | x            | x             | x                |     |     | x      |       |            |     |     |        |     |          |         |          |          |               |                | x                | x           |\n| pysymcheck      | Check binaries for forbidden function usage   | https://github.com/priv-kweihmann/pysymbolcheck                       |               |               |              | x             |                  |     |     |        |       |            |     |     |        |     |          |         | x        |          |               | x              |                  |             |\n| rats            | Check on insecurities in several languages    | https://github.com/redNixon/rats                                      |               |               |              | x             | x                |     | x   | x      | x     |            | x   |     |        |     |          |         |          |          |               | x              |                  |             |\n| reuse           | Scan code for license information             | https://github.com/fsfe/reuse-tool                                    |               |               |              | x             |                  |     |     |        |       |            |     |     |        |     |          |         |          |          | x             | x              |                  |             |\n| revive          | GO linter                                     | https://github.com/mgechev/revive                                     |               |               |              | x             | x                |     |     |        |       |            |     | x   |        |     |          |         |          |          |               |                | x                | x           |\n| ruff            | Extremely fast python linter                  | https://github.com/astral-sh/ruff                                     |               |               | x            | x             | x                |     |     | x      |       |            |     |     |        |     |          |         |          |          |               |                | x                |             |\n| scancode        | Scan code for license information             | https://github.com/nexB/scancode-toolkit                              |               |               |              | x             |                  |     |     |        |       |            |     |     |        |     |          |         |          |          | x             | x              |                  |             |\n| setuptoolslint  | Lint python-setup.py                          | https://github.com/johnnoone/setuptools-pylint                        |               |               |              | x             | x                |     |     | x      |       |            |     |     |        |     |          |         |          |          |               |                | x                |             |\n| shellcheck      | Shell script linter                           | https://github.com/koalaman/shellcheck                                |               |               | x            | x             | x                |     |     |        | x     |            |     |     |        |     |          |         |          |          |               |                | x                | x           |\n| slick           | Shell script linter                           | https://github.com/mcandre/slick                                      |               |               | x            | x             | x                |     |     |        | x     |            |     |     |        |     |          |         |          |          |               |                | x                |             |\n| sparse          | C linter                                      | https://sparse.wiki.kernel.org/index.php/Main_Page                    |               |               |              | x             | x                | x   |     |        |       |            |     |     |        |     |          |         |          |          |               |                | x                |             |\n| stank           | Shell script linter                           | https://github.com/mcandre/stank                                      |               |               | x            | x             | x                |     |     |        | x     |            |     |     |        |     |          |         |          |          |               |                | x                | x           |\n| systemdlint     | Systemd unit linter                           | https://github.com/priv-kweihmann/systemdlint                         |               |               | x            | x             | x                |     |     |        |       |            |     |     |        |     |          |         |          |          | x             | x              | x                | x           |\n| tlv             | Find duplicate code                           | https://github.com/priv-kweihmann/tlv                                 | manual enable |               | x            | x             | x                | x   | x   | x      |       | x          | x   | x   |        |     |          |         |          |          |               | x              |                  | x           |\n| tscancode       | C and lua linter                              | https://github.com/Tencent/TscanCode                                  |               |               |              | x             | x                | x   |     |        |       |            |     |     |        |     |          |         |          |          |               |                | x                |             |\n| vulture         | Find dead python code                         | https://github.com/jendrikseipp/vulture                               |               |               | x            | x             | x                |     |     | x      |       |            |     |     |        |     |          |         |          |          |               |                | x                |             |\n| xmllint         | XML linter                                    | http://xmlsoft.org/xmllint.html                                       |               |               | x            | x             | x                |     |     |        |       |            |     |     |        |     |          |         |          |          | x             |                | x                |             |\n| yamllint        | YAML linter                                   | https://github.com/adrienverge/yamllint                               |               |               | x            | x             | x                |     |     |        |       |            |     |     |        |     |          |         |          |          | x             |                |                  | x           |\n\neach tool does have it's own benefits and flaws so don't be mad if you have 10k+ findings on the initial run.\n\n## Further documentation\n\n- [Global Configuration](docs/conf/global.md)\n  - [Blacklisting sources](docs/conf/blocklist.md)\n  - [Configuration wizard](docs/conf/wizard.md)\n  - [Custom severity](docs/conf/sevtransform.md)\n  - [Enable SCA locally/globally](docs/conf/inherit.md)\n  - [Fatal findings](docs/conf/suppression.md)\n  - [Filter findings](docs/conf/findingsfilter.md)\n  - [Filter out files to check](docs/conf/filefilter.md)\n  - [Output formats](docs/conf/output_formats.md)\n  - [Suppress findings](docs/conf/suppression.md)\n  - [Trace source files](docs/conf/tracefiles.md)\n  - [SDK support](docs/sdk_support.md)\n  - Tools\n    - [bandit](docs/conf/module/bandit.md)\n    - [bashate](docs/conf/module/bashate.md)\n    - [bitbake](docs/conf/module/bitbake.md)\n    - [cbmc](docs/conf/module/cbmc.md)\n    - [checkbashism](docs/conf/module/checkbashism.md)\n    - [cmake](docs/conf/module/cmake.md)\n    - [cppcheck](docs/conf/module/cppcheck.md)\n    - [cpplint](docs/conf/module/cpplint.md)\n    - [cvecheck](docs/conf/module/cvecheck.md)\n    - [darglint](docs/conf/module/darglint.md)\n    - [dennis](docs/conf/module/dennis.md)\n    - [detectsecrets](docs/conf/module/detectsecrets.md)\n    - [flake8](docs/conf/module/flake8.md)\n    - [flawfinder](docs/conf/module/flawfinder.md)\n    - [flint++](docs/conf/module/flint++.md)\n    - [gcc](docs/conf/module/gcc.md)\n    - [golint](docs/conf/module/golint.md)\n    - [it](docs/conf/module/it.md)\n    - [jsonlint](docs/conf/module/jsonlint.md)\n    - [kconfighard](docs/conf/module/kconfighard.md)\n    - [licensecheck](docs/conf/module/licensecheck.md)\n    - [looong](docs/conf/module/looong.md)\n    - [msgcheck](docs/conf/module/msgcheck.md)\n    - [multimetric](docs/conf/module/multimetric.md)\n    - [mypy](docs/conf/module/mypy.md)\n    - [oelint](docs/conf/module/oelint.md)\n    - [perl](docs/conf/module/perl.md)\n    - [perlcritic](docs/conf/module/perlcritic.md)\n    - [pkgqaenc](docs/conf/module/pkgqaenc.md)\n    - [pscan](docs/conf/module/pscan.md)\n    - [pylint](docs/conf/module/pylint.md)\n    - [pysymcheck](docs/conf/module/pysymcheck.md)\n    - [rats](docs/conf/module/rats.md)\n    - [reuse](docs/conf/module/reuse.md)\n    - [revive](docs/conf/module/revive.md)\n    - [ruff](docs/conf/module/ruff.md)\n    - [scancode](docs/conf/module/scancode.md)\n    - [setuptoolslint](docs/conf/module/setuptoolslint.md)\n    - [shellcheck](docs/conf/module/shellcheck.md)\n    - [slick](docs/conf/module/slick.md)\n    - [sparse](docs/conf/module/sparse.md)\n    - [stank](docs/conf/module/stank.md)\n    - [systemdlint](docs/conf/module/systemdlint.md)\n    - [tlv](docs/conf/module/tlv.md)\n    - [tscancode](docs/conf/module/tscancode.md)\n    - [vulture](docs/conf/module/vulture.md)\n    - [xmllint](docs/conf/module/xmllint.md)\n    - [yamllint](docs/conf/module/yamllint.md)\n- Configuration Examples\n  - [C/C++ code while developing](docs/conf/examples/c_inflight.md)\n  - [Image monitoring](docs/conf/examples/img_complete.md)\n  - [Image security/hardening monitor](docs/conf/examples/img_secure.md)\n  - [Python code while developing](docs/conf/examples/python_inflight.md)\n  - [Shell code while developing](docs/conf/examples/shell_inflight.md)\n  - [Webapps while developing](docs/conf/examples/web_inflight.md)\n  - [Recommended tools for software integration](docs/conf/examples/integrators_favorites.md)\n- [Results](docs/conf/results.md)\n- Build system integration\n  - [Control via command-line](docs/build/control_build_by_cmdline.md)\n  - [SCA bot](docs/build/scabot.md)\n  - Jenkins integration\n    - [Basic jenkins integration](docs/build/jenkins/integration_basic.md)\n    - [Parameterized jenkins build](docs/build/jenkins/integration_parameter.md)\n- Application notes\n  - [Recipe buildtime dependencies](docs/sca/buildtime_dependencies.md)\n  - [How are the statistics of a tool calculated?](docs/sca/build_exec_times.md)\n  - [How to build your own module](docs/add_your_own.md)\n  - [build and version conflicts](docs/sca/version_preference.md)\n  - [maintaining your own branch](docs/maintainer_guide.md)\n- Case studies\n  - [Regression on severe code issues](docs/casestudy/simple_regression.md)\n  - [Idenfying hardening and security potential](docs/casestudy/adv_security.md)\n\n## Contributing\n\nPlease see the detailed [contribution guideline](CONTRIBUTING.md) for details\n\n### Get involved\n\nTo get involved following things can be done\n\n- create an issue\n- fix an issue and create a pull request\n- see the pinned issues in the [bugtracker](https://github.com/priv-kweihmann/meta-sca/issues)\n\n### Security Policy\n\nFor the project's security policy please see [here](SECURITY.md)\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fpriv-kweihmann%2Fmeta-sca","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fpriv-kweihmann%2Fmeta-sca","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fpriv-kweihmann%2Fmeta-sca/lists"}