Automated Security Scans

Hi!

We are currently using Jitsi on a private server setup and find it to be a very good tool.

My question is in regard to working with enterprises wishing to have it installed in their infrastructure.

Does Jitsi itself run any type of automated or manual security scans on deployments?

I know that on the jitsi-meet frontend npm will take care of informing about outdated packages. Is there something similar for Jicofo or Videobridge for instance?

Thanks!

Welcome to the forum!

If by security scans you mean update notifications, yes. When new versions of the components are pushed out, you get notified and can choose to upgrade.

Thank you 🙂

So, I was thinking more about static application security testing. So in the case of Java/Kotlin, which Videobridge and Jicofo are coded in, do you run something like SpotBugs (https://spotbugs.github.io/) as part of GitHub Actions or some other CI process? Or even as a manual process?

We already do that for jvb and jicofo: see jitsi-videobridge/pom.xml at 203a1b44f30edf3665d120392e413a388d6e614c in jitsi/jitsi-videobridge on GitHub.