Introduction
This article provides an overview of the security scanning options available for applications developed using Mendix. It explains which types of security scans are supported, the tools that can be used, and whether they can be integrated directly with the Mendix platform or require exported artifacts, such as application metadata or Java bytecode, for offline analysis.
Environment
Applications hosted in Mendix Cloud
Details
Mendix uses QSM (Quality and Security Management) for performing security and quality analysis scans on applications developed with Mendix. It is specifically designed to work with the Mendix low-code model rather than traditional source code.
- Integration with the Mendix platform: QSM can be integrated directly with the Mendix platform. There is no need to manually export metadata, Java bytecode, or other artifacts to perform the analysis offline.
- Note on traditional scanning tools: Standard source code scanners may not be directly applicable to Mendix applications due to the low-code nature of the platform. It is recommended to use tools that are aware of the Mendix model structure, such as QSM.
Internal information related
- 282589
- G01EQTEP83G/p1783478376440549
Additional information
NA
0 Comments