To promote secure code on the OutSystems platform, there should be an option to run the application against the Open Web Application Security Project (OWASP) Top 10 vulnerabilities.
In my opinion,
- LifeTime is the best place to run this before we tag the application and proceed with deployment to quality or production.
- It should be configurable in a deployment plan (to make this a manual step or automatically done each time we start with tagging).
- It MUST not stop the regular process of promoting the application to higher environments.
- It should provide the scan result and store it against each application tag.