← Retour aux offres

(Sec)DevOps for Eclipse Steady

Postée le 08 nov.

Lieu : MOUGINS · Contrat : Stage · Rémunération : depending on the length of the internship and your diploma. €

Société : SAP Labs France SAS

Founded in 1972, SAP has grown to become the world's leading provider of business software solutions. SAP is market leader in enterprise application software. The company is also the fastest-growing major database company. Globally, more than 77% of all business transactions worldwide touch an SAP software system. With more than 347.000 customers in more than 180 countries, SAP includes subsidiaries in all major countries. SAP is the world's largest inter-enterprise software company and the world's third-largest independent software supplier, overall. SAP solutions help enterprises of all sizes around the world to improve customer relationships, enhance partner collaboration and create efficiencies across their supply chains and business operations. SAP employs more than 98.600 people.
Security Research at SAP Labs France, Sophia Antipolis
Based at SAP Labs France Mougins, Security Research Sophia-Antipolis addresses the upcoming security needs, focusing on increased automation of the security life cycle and on providing innovative solutions for the security challenges in networked businesses, including cloud, services and mobile.

Description du poste

Nowadays software applications include more and more open-source (OSS) libraries. At the same time the number of vulnerabilities being discovered and publicly disclosed for OSS libraries is ever-increasing.
The gains obtained from the reuse of community-developed libraries may be offset by the cost of establishing a timely and effective vulnerability management process that allows organizations to identify, assess and mitigate vulnerabilities in open-source software. The consequences of poor vulnerability management are
demonstrated by the severe security incidents that appear in the news with alarming frequency: breaches, such as the one suffered by Equifax in 2017, can have major legal, financial, and societal impacts.

Existing tools tackling such problem rely on metadata to map OSS libraries to vulnerabilities and thus suffer from both false positives and false negatives. The solution developed at SAP Security Research is instead code-centric and combines static and dynamic analysis to determine the reachability of the vulnerable portion of libraries used (directly or transitively) by an application. The implemented tool supports the analysis of Java and Python applications, is the officially recommended tool at SAP and has been open-sourced in 2018 (https://github.com/SAP/vulnerability-assessment-tool). In 2019, the tool will be moved to the Eclipse Foundation (Eclipse Steady).

The goal of the internship is to improve the project according to the various qualities mentioned by the badge program of the Core Infrastructure Initiative (CII), esp. regarding test coverage, test automation, static and dynamic code analysis and documentation. The goal of the internship is to fulfill all criteria required to obtain the silver or gold badge.

Technologies/techniques involved are: Java, Jenkins, GIT/SVN, Maven.

Profil recherché

• University Level: Last year of MSc or less if the student has a good profile
• Good knowledge of the Java programming language, JUnit tests, Jenkins and Maven
• Good knowledge of versioning control systems like GIT or SVN
• Good knowledge of HTML5 technologies (JS, CSS, AJAX)
• Interest in development work
• Fluency in English (working language)
• Good oral and written communication skills

Voir le fichier joint

Pour postuler :

Please candidate by clicking on this link:

UPLOAD (all documents must be in English):
• Your CV
• Cover letter
• Any relevant documents