18F/site-scanning

address the source map problem that federalist's ISSO has

Closed this issue · 2 comments

Some new personnel are handling the false positive verification on our Netsparker scans and they are now re-flagging the source code disclosure from the lodash module. It appears they are unlikely to accept the justification. You may need to remove the JS source maps or figure out how to purge the comments in them during the build process.

Would you mind just not publishing the source map for the site scanning api Federalist site?

https://github.com/18F/site-scanning-query-builder

Update - I just heard back that they were able to push back again in the meantime, so we can hold on worrying about this. It'll likely recur though, so we might as well save ourselves future hassle when we get a chance.
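The two options raised in this issue (publish no source maps, or keep them without the embedded source and its comments), as an added example that is not part of the issue thread or the project's build. The file names, the sample build contents and all function names are constructed assumptions, and whether the scanner still flags a map that has no `sourcesContent` is not stated here.

```javascript
// Added example. The build output below is constructed, not taken from the repository.
const MAP_REF = /^[ \t]*\/\/[#@][ \t]*sourceMappingURL=\S+[ \t]*\r?\n?/gm;

// "Purge" option: keep the map but drop the embedded original sources,
// which is where a library's comments live. The mappings survive.
function purgeSourcesContent(mapText) {
  const map = JSON.parse(mapText);
  delete map.sourcesContent;
  // Index maps nest ordinary maps under sections[].map.
  for (const section of map.sections || []) {
    if (section.map) delete section.map.sourcesContent;
  }
  return JSON.stringify(map);
}

// "Remove" option: publish no maps and drop the trailer comment pointing at them.
function stripMapReference(bundleText) {
  return bundleText.replace(MAP_REF, '');
}

// files is { path: text }; mode is 'remove', anything else is treated as 'purge'.
function sanitizeBuild(files, mode) {
  const out = {};
  for (const [path, text] of Object.entries(files)) {
    const isMap = path.endsWith('.map');
    if (isMap && mode === 'remove') continue;
    if (isMap) out[path] = purgeSourcesContent(text);
    else if (mode === 'remove' && path.endsWith('.js')) out[path] = stripMapReference(text);
    else out[path] = text;
  }
  return out;
}

// Pre-publish check: list the maps that still embed original source.
function mapsWithEmbeddedSource(files) {
  return Object.keys(files).filter((path) => {
    if (!path.endsWith('.map')) return false;
    const map = JSON.parse(files[path]);
    const nested = (map.sections || []).some((s) => s.map && s.map.sourcesContent);
    return Boolean(map.sourcesContent) || nested;
  });
}

// Constructed sample: one bundle and its map (placeholder content only).
const sampleBuild = {
  'static/js/main.js': 'console.log(1);\n//# sourceMappingURL=main.js.map\n',
  'static/js/main.js.map': JSON.stringify({
    version: 3, file: 'main.js', sources: ['node_modules/lodash/lodash.js'],
    sourcesContent: ['/** constructed placeholder comment */\nfunction noop() {}'],
    names: [], mappings: 'AAAA',
  }),
};
```

Running `mapsWithEmbeddedSource` over the directory that gets published, and failing the build when it returns anything, keeps the finding from recurring after a tooling change.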