Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Java: add SHA-384 to list of secure crypto algorithms #18087

Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

Java: add SHA-384 to list of secure crypto algorithms #18087

wants to merge 1 commit into from
+9 −2

Conversation

jcogs33
Copy link
Contributor

@jcogs33 jcogs33 commented Nov 24, 2024
edited
Loading

Description

Adds SHA-384 as a secure algorithm so that the java/potentially-weak-cryptographic-algorithm query no longer flags it.

Adding SHA-384 aligns Java with other languages.

Pull Request checklist

All query authors

Internal query authors only

  • Changes are validated at scale (internal access required).

@jcogs33
Copy link
Contributor Author

jcogs33 commented Nov 25, 2024

DCA alerts look good. Adding SHA-384 as a secure algorithm removes 46 FP alerts from the OWASP benchmark.

@jcogs33 jcogs33 changed the title [DRAFT] Java: add SHA-224 and SHA-384 to list of secure crypto algorithms Java: add SHA-384 to list of secure crypto algorithms Nov 25, 2024
@jcogs33 jcogs33 marked this pull request as ready for review November 25, 2024 15:17
@jcogs33 jcogs33 requested a review from a team as a code owner November 25, 2024 15:17
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
documentation Java
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@jcogs33