I have uploaded the reports from HP SCA (Audit workbench) to Software Security centre, I am not able to "Audit Issues" the button is de-active. I have tried every possible option.
1. User with which i am log in as Admin (so no rights issue). However to be on safe side i have created a user and checked with other roles (Manager, Security Lead, Security Champs etc) and proper access permissions as well.
In artifacts i have upload one scan and it shows blue button of (SCA) coloumn on.
Any suggestions/Thoughts would be helpful.
enter image description here
Please check your license it would be expired. As i have seen most of the time if license are expired this happens.
Can you please go to Artifacts tab on ssc project and see of fpr file is uploaded correctly or waiting for approval ?
usually SSC ask for approval when
You're uploading fpr file generated with the scan engine version lower that the ssc server version
If you have already previous fpr is uploaded and new fpr file code has more than 10% difference
if that is so that you have to just approve the uploaded artifacts and add comment for approval.
Answer to you second question if you see blue button under sca column means your fpr is uploaded & processed successfully
Hope this helps ....
Related
I have a piece of software which I would like to lock down using a license key. This key contains the expiration date in unix timestamp format. To check if the license in valid in the software, I compare the current unix timestamp to the expiration date in the license key. Here's the tricky bit: I want to be able to allow the user to run the software offline without making a request to a server to validate the license (in essence, the user shouldn't require an external network connection to run the software).
Are there any strategies which can be used to prevent the user from simply changing the clock on their machine which essentially bypasses the license expiration?
I work for a company that provides two solutions for the problem of node locking a license to a device when that device does not have an internet connection.
I'd also start by saying that there's actually two parts to your question: How do you perform a license activation on a computer that does not have internet access, and how do you perform the license checks on the local machine, once you bound the license to that device.
If you don't node lock the license to the device, then anyone with the key you generated can just use it on an unlimited number of machines. For this you still need a way to communicate a device identifier back to the license server, even if it's not done through a direct internet connection.
Our first solution tackling offline node-locking does basically the same thing that our online activation does, except it's through a series of request / license files being exchanged between the client machine and the license server instead of Server-to-server interactions. The gist of it is as follows:
cyrusbehrVendor issues a license key for cyrusbehrApp and gives it to the end user.
End user enters it into the app, which generates a request file containing information on the device, and the key which is being used to activate the app (the file is / should be encrypted). The file is actually generated by the SDK that we supplied to cyrusbehrVendor, who imported it into their project and is shipped with the app. The end user takes this request file and uploads it to the License Server using our offline licensing portal.
The Offline licensing portal returns a license file that contains all the license information associated with that key, and can only be used by the device that requested it. The End user inputs this license file back into the app, which gets parsed by the SDK, which is used to configure the state of the application (according to the entitlements granted by the license). The SDK will also create a local license file to check against each time the app is run, for example.
Most Software developers might find this a "good enough" solution to offline licensing that isn't toooooo inconvenient for the end-user. However, if your requirement also does not allow for files to be exchanged, or files cannot leave the target machine, we also provide an air-gapped solution to unlock license policies shipped with your app. We designed our air-gapped license activation in the following way:
You ship your app with our SDK along with license policy files.
You issue license keys for your app that can be used to unlock a specific license policy.
through a series of code exchanges (rather than file exchanges), a license gets bound to a device, and allows a specific license policy to be used.
Concerning your question about local license checks and having some sort of anti-clock tampering mechanism, you can do the following:
Read and Store a time stamp of the system clock on the last license check. If a subsequent license check has a timestamp that occurs prior to that time, then you know there's something going on with the clock being changed. You can either disable the license, or just throw an exception and don't let the app run until a license check with a timestamp in the future. Also, be sure to use UTC, since timezone changes can and do happen.
I am trying to pubish my Winforms app to the Microsoft Store. My solution uses a Packaging project, and I selected "Publish" from the Packaging App in Visual Studio 2019.
I first selected item #1 in the screenshot below and went through the steps there (selecting the "Finish" button, which gave no feedback); then I selected item #2. There were also no messages after associating my app with the Store (either that it failed or not).
So I searched the Microsoft Store for my app, and it was not there...
What do I need yet to do, or what did I do wrong? What is the next step after associating my app to actually upload it?
By looking through screenshots I'd taken of a previous Microsoft Store submission, I was able to see that you must go here to submit your app:
https://partner.microsoft.com/en-us/dashboard/products/
...to submit an app; but from where do you reach this otherwise (if you don't already have the URL squirreled away somewhere)? It's odd that the submission page is hidden or at least so hard to find. Does MS actively discourage uploads of apps by making the process difficult?
It seems to me there should be an Upload option right from the Microsoft Store that would lead you to this page.
Currently the creation of a channel through the Graph API frequently results in the relative, corresponding Sharepoint folder not being created.
When using the Graph API to create a channel the response indicates creating the channel was a success, but when going to the files tab it shows:
"Your files can’t be found, working on it to restore them."
After having clicked on the files tab in the Teams UI, the folder is created eventually (after a couple of minutes).
But because automated processes depend on the channel folder, we don’t want to ask the user to manually open the team before the other processes can continue.
So: Team created: Ok -> Channel created: Ok-ish (But missing the linked folder) -> One-drive/share point folder, with the name of the channel: Not created
Sometimes the folder is created properly, but lately more often it is not created (Not even after 3-4 days of waiting) until the user opens the files tab in the Teams client.
This behaviour is new since it worked flawlessly until a week ago. Is there a known workaround for this?
We're following the default documentation for creating a channel via Graph API as described in the Microsoft Graph Reference
Best regards,
Dominic
This is by design or rather limitation of SPO provisioning is async as in create team succeeds without waiting for SPO site provisioning completes. In those scenarios when channel get provisioned before SPO that get created without files folder. The recovery mechanism is accessing files tab in the channel.
Currently there isn't any solution to check if provisioning is completed. However, there is a feature ask to provide an API to provision similar to what happens on the client (clicking on Files tab). We do not have any ETA on this.
I was wondering whether it is possible to monitor how many people are downloading my Blackberry app from the online store. Is there a developer/admin login to access this kind of data? I have a login for the vendor portal on BlackBerry App World but I dont see any such option there. Can anyone please help with regards to this topic?
I have tried the following:
In my vendor account, there is an option for "Download Reports" with which I have generated a chart report of the "Total Downloads" between specific dates. I am looking for a more detailed statistical version (Excel) as the chart is not as clear.
I managed to get the exact report required. In order to generate a statistical report of the number of downloads of a BlackBerry App from the online store, we can log in to our account (vendor account) and go to "Manage Reports". In it there is an option for "Schedule Reports". Inside "Schedule Reports", select the application for which you need the count of downloads and select a start date and end date. The report can be sorted by:
Date only
Product, then Date
Carrier, then Date
Country, then Date
Device, then Date
The report is detailed and can easily be downloaded both from "Manage Reports" as well as "Download Reports". The .csv file can be viewed in excel and can later be saved in .xls format as well.
I'm currently trying to find out if there is a way to allow our nightly build application users to submit bug items to TFS. Everything is developed and used within our private network so there aren't any security issues of that nature that I am aware of. I don't necessarily need them to be able to assign the bug specifics, but give a title and a description. It could be equally valuable if users can submit to an issue tracking page on the TFS Project Site.
Application Language: C#
Possible Workflow:
User encounters an issue while using the application
User click feedback button that is only shown in the nightly build
User fills form detailing issue
User clicks submit
Information including user's name is sent to the TFS server and a new bug item is created
Developers receive a notification (using tfs reporting) and assigns bug appropriately
Developer contacts user to elaborate on the issue
Developer fixes bug
You can use the existing work items, along with the work item web access feature (WIWA) to allow them to enter the bugs. I believe there isn't a license requirement for them to enter and view their own work items.
WIWA is (default) located at: http://tfs:8090/wiwa