JaCoCo VS Wazuh

I will use here JaCoCo, where also the JaCoCo-Maven-lugin exists for the usage in your Maven builds. This article will show how to configure the code coverage to finally get the results for unit- and integration-tests.

In protection rules, I added build workflow in Require status checks to pass before merging. This is to ensure that before merging code in master branch, build should run successfully. I also added Jacoco Code Coverage to make sure that enough unit tests are available in project and Detekt to make sure that code in project is readable. I added them in build configuration. Even if one of them gives error, build will fail. Whenever, someone push code in pull request, build action will run and check if build is running successfully or not.

Code coverage analysis tools quantify the amount of tested code, serving as a valuable tool to inform on code structure and testing related decisions. We will make use of JaCoCo, JaCoCo produces reports on multiple kinds of code coverage metrics including instructions, line and branch coverage.

One specific example where I regularly use a profile in this way is for configuring code coverage. In all of my Java projects, I use JaCoCo for generating code coverage reports. I use JaCoCo during the Maven test phase. However, while developing I find it useful at times to exclude coverage reporting to reduce the build time. But in my CI/CD workflows in GitHub Actions, I activate the code coverage profile during pull-requests and pushes to the default branch. For pull-requests, my GitHub Actions workflow comments the code coverage on the PR and uploads the coverage report as a workflow artifact, where I can inspect it as necessary. And during a push to the default branch, my workflow updates coverage badges to keep them up to date with the current state of the default branch. I can also activate the code coverage profile locally while developing, such as prior to submitting a pull-request, to ensure that I didn't miss testing something.

In Unit tests, individual software code components are checked if it is working as expected or not. Unit tests isolate a function or module of code and verify its correctness. We can use tools like JaCoCo for Java and Mocha, and Jasmine for NodeJS to generate unit test reports. We can also send these reports to SonarQube which shows us code coverage and the percentage of your code covered by your test cases.

And there is the original jacoco/jacoco: (0.8.7: released this on May 5, 2021), but it's for Java. I'm not sure if we can use it with multiple flavors on Android.

Make sure to also update to Jacoco 0.8.7 to avoid test issues: https://github.com/jacoco/jacoco/releases/tag/v0.8.7

There is currently no feature for excluding specific SCA rules however this feature has been requested here and would be added to the roadmap for future releases.

I use Wazuh instead. Greenbone CE is severely limited and requires payment for anything beyond the very basic. Super simple installation more features.

Seems like something that should be documented somewhere more official than a random reddit post for sure. Added it to https://github.com/wazuh/wazuh/issues/1112 for good measure.

Hmm, I've really been wanting to try Wazuh but since all our endpoints (Win10/11) are running a German locale I've run into https://github.com/wazuh/wazuh/issues/16842 when checking the compliance checks (CIS benchmarks) on a test installation of 4.6.

Monitoring & Active Measures - Exporting firewall events to an external time-series database like I describe above is good to see who is touching your firewall or accessing your web site. Using an Intrusion Detection System / Intrusion Prevention System (IDS/IPS) such as open-source Suricata, which is a free package on pfSense, and deploying file system integrity monitoring, such as the open-source Wazuh on the exposed server are also good approaches to protecting yourself.

We are actively working on enhancing the system to allow users to mark vulnerabilities as "not vulnerable" or hide them. You can track the progress of this enhancement on the following GitHub issue: (Enhancement - Mark Vulnerabilities as Not Vulnerable).

Hello, thanks for using Wazuh, I will try to answer your questions: 1- I am going to check with the team in charge to see if there is a way. 2- Untriaged is a default value that is placed on vulnerabilities that do not have low, medium or high values https://github.com/wazuh/wazuh/issues/12675 3- As in the previous point, the providers of vulnerability lists have not provided the data.

Agents getting frequently pending and disconnecting