SonarQube Securty Advisories - sonarqube

I am trying to locate a web page or alert service that I can sign up for to receive information on security patches / alerts relating to SonarQube.
I need to rate these advisories on a monthly basis to ensure that all security patches are applied in a timely manner.
Regards
Sean

The downloads page lists all the updates. You could just check there once a month.
If you pay SonarSource for support, you could express the desire to receive this information by email as well.
I don't know of any service that lists the info you need. That said, I don't remember seeing a lot of security alerts. It's not like Java where there are quarterly patches.

Related

PSD2 SagePay - what requirements

Do I need to change anything within my payment gateway script on my ecommerce website, so it complies with PSD2 requirements on sagepay hosted?
I don't take payments on my website, but redirect people to SagePay.
My question is according to Septembers EU law changes.
With any luck, you won't need to make any changes, as SagePay should handle the SCA process for you via 3D secure V2. You will probably already have needed to upgrade your protocol version from 2.x to 3.0 (https://www.sagepay.co.uk/support/12/36/sage-pay-version-3-00-understanding-the-process), and if you have, then SagePay should take care of the 3DS process for you, and hopefully will upgrade that process to 3DS2 when they see fit.
You will need to ensure that you have 3DS turned on in your SagePay account (https://www.sagepay.co.uk/support/28/36/activating-adding-a-3d-secure-rule)
This article:
https://www.sagepay.co.uk/support/12/36/3d-secure-explained suggests that "Depending on which payment integration your site uses with Sage Pay you may have to make some changes to the integration, so it is important to flag with your developer/IT that you may need to make some development changes in June / July / August to ensure they will be ready to act for you. Specific details will be available in May." However, it's now June, and I haven't seen any such "specific details".
I'm not involved with SagePay, so I don't have any further knowledge than that - we too have an integration with SagePay, so I'm also waiting for further confirmation from them on what steps will need to be taken.
EDIT January 2022
At some point between June 2019 and January 2022, SagePay, or rather Opayo, have indeed updated their integration and they do require changes in order to fully cater for 3DSv2. Specifically, you will need to upgrade from Version 3.00 of their integration to Version 4.00 and pass some additional data. The migration process is documented here
Essentially you need to send some additional SCA data and "Credential on File" (CoF) data if you intend to do repeat transactions.
If you use the SagePay REST API (I don't think this applies to OP) then there are some changes you may need to make, the docs for it are available at https://developer.sage.com/api/payments/api/
As far as I understand it the old system is still available and working but implementing these changes should allow you to use frictionless checkout (where 3DS is automatically confirmed) and 2FA.

ManageEntitlementState workflow in Dynamics 365 version 9

Since Dynamics 365 version 9 upgrade, we have observed new workflows automatically created on CRM instance namely- ManageContractLineState, ManageContractState, ManageEntitlementState.
As I can see from the ManageEntitlementState workflow, it is to handle the status of entitlements in CRM. But earlier this was not done using CRM workflows.
Now each workflow instance will be running for each entitlement in our system which is a huge problem since it puts unnecessary load on our machine.
Is anyone else able to see these workflows on their instances? And why is MS adding these workflows?
October 2018 Release notes talks about deeper integration of entitlements between D365 offerings namely Field service & Sales (work order). There may be background automations happening to achieve this & Workflow is part of it.
Entitlement management
With this release, the Field Service application includes the ability to define entitlements and associate
them with work orders in field service scenarios. Entitlements help
service agents understand the service terms that customers are
eligible for.
This capability helps service organizations ensure
customers receive the appropriate on-site support that aligns with
their allowed entitlements, and that customers are charged according
to their negotiated terms.

Configure Programmatic Deployment for Virtual Machines from an Image

I want to create several VM's from this Image automatically.
When I'm getting redirected to the Portals Website I can choose the option "Want to deploy programmatically? Get started-->". Yes, I want to, but in this Windows it seems like my Subscription isn't enabled for this option.
(Picture) So it's just a button to enable my Subscription, isn't it? Otherwise the status was "Enabled" or "Disable" to disable my Subscription. If I click the "Enable"-Button, nothing happens.
Does anyone of you have an idea how to enable my Subscription? Well, perhaps my thinking is wrong?
Thank you in advance!
Well, This Enable option is Accepting the Terms of use as blow in advance:
By enabling programmatic purchases for the subscriptions selected
below, I (a) agree to the legal terms and privacy statement(s)
associated with each offering above, (b) for Azure subscriptions
purchased from Microsoft, authorize Microsoft to charge or bill my
current payment method for the fees associated with my use of the
offering(s), including applicable taxes, with the same billing
frequency as my Azure subscription, until I discontinue use of the
offering(s), and (c) agree that Microsoft may share my contact
information, and transaction details associated with my purchase of
the above offering(s), with any third-party vendors, if listed above.
Microsoft does not provide rights for third-party products or
services. See the Azure Marketplace Terms for additional terms.
When you use Azure portal to create Data Science Virtual Machine - Windows 2016:
In the last step, you will agree the Terms of user by clicking "Create":
But When you use Powershell or API to create Data Science Virtual Machine - Windows 2016:
It will aslo need to agree this Terms of user by UI, but if you want to approach automation without UI, you need to agree the Terms of user in Advance for your Subscription.
So, you can see the difference between the Enabled and NOT Enabled subscritpion Status of this Marketplace image:
Enabled:
NOT Enabled
Hope this helps!
I "solve" the Problem: There wasn't any. You can only enable/disable Subscriptions if you have more than one.

Visual Studio Team Services - Code repository privacy

I've used Visual Studio Online Team Services as a code repository and want to know if it is possible for Microsoft Employees to see the code you upload if they wanted to.
The privacy policy doesn't address this specifically that I can see but it does say that Microsoft can use your data for advertising purposes and they can share it with third parties. If "data" means my proprietary code that would be good to know.
Customer Data will be used only to provide customer the Online Services including purposes compatible with providing those services. For example, we may use Customer Data to provide a personalized experience, improve service reliability, combat spam or other malware, or improve features and functionality of the Online Services. Microsoft will not use Customer Data or derive information from it for any advertising or similar commercial purposes. “Customer Data” means all data, including all text, sound, video, or image files, and software, that are provided to Microsoft by, or on behalf of, you or your end users through use of the Online Service. Customer Data is not Administrator Data, Payment Data, or Support Data. For more information about the features and functionality that enable you to control Customer Data, please review documentation specific to the Online Service.
No, not merely if they "want to". Microsoft does provide a clause that allows them access if it's required for security or site operation:
From time to time, Microsoft employees need to obtain access to customer data stored within Team Services. As a precaution, all employees who have or may ever have access to customer data must pass a background check, which verifies previous employment and criminal convictions. In addition, we permit access to the production systems only when there’s a live site incident or other approved maintenance activity, which is logged and monitored.
(From the Visual Studio Team Services Data Protection Overview document.
That being said, this is the most liberal interpretation of this access. I worked as a senior software engineer on the VSO version control team and there's no possibility for me to get access to customer data. If you complain about a bug in our git repository handling, I'm going to ask you if you can give me a copy that I can use to reproduce - I can't just go get it. And if you decline, then I will not be able to get your data.
So while yes, we Microsoft engineers do have the theoretical ability to get to your files, there are significant policy and security safeguards against access and abuse.

magento integration with erp and crm

How to integrate Magento with ERP and CRM and which are erp's and crm's which is best integrated with Magento?
And how easy it is to do this integration?
See magento integration with erp and crm for how to do it. The easiest ERP / CRM systems will be ones that you can set up to pull information from Magento periodically and put it back in over webservices. Open source solutions (where you can monkey with the code) will work out better than closed source solutions, especially ones where you don't have direct database access.
As for ease, it depends on how much data will be transferred. Moving orders back to ERP, or moving customers to CRM is not difficult, but keeping everything highly synchronized is another story.
If you have other questions, please be more specific and I'll be happy to help.
Thanks,
Joe
InSync presents 'SBOeConnect', e-Commerce Connector for SAP Business One. SBOeConnect gives the flexibility for seamless integration between Magento Commerce with leading ERP Business Solution SAP Business One. SBOeConnect provides a real time synchronization between these two platforms, eliminating manual data entry and reducing data redundancy.
For more please visit at http://sboeconnect.com
Regards,
Soumen.
Team sboeconnect.com
I think you may try to use Web Service of the Magento. Write a "bridge" program to transfer/update data from Magento and the ERP system. There should be API for most of the ERP system.
Here is the link for Magento web service. Basically it is very convenient.
http://www.magentocommerce.com/wiki/5_-_modules_and_development/0_-_module_development_in_magento/introduction
And most of the time, you're supposed to handle order related information daily, you can setup cron job to run the "bridge" program then.
Try openbravo its an erp. They have a built-in connector for it to Magento. You can synchronize customers, products and sales order from Magento into Openbravo ERP. It can be scheduled by time or by frequency to be executed. The documentation for it can be had from here.

Resources