Sep 05 2017 01:56 AM
Hi
Does anyone know if the PnP programme has undertaken any security reviews or source code checks?
I am working on a project that I feel the tools in the PnP program would be ideal such as the PnP PowerShell library, but i cannot use the library until the organisation I am working with approves the library on a security aspect.
Has anyone encountered this situation or have any recommendations for tools to perform security reviews on the code?
Thanks
Paul
Sep 05 2017 06:20 AM
SolutionNot aware of any official security checks around the PnP. Might have been done a one-off in the customer engagements/projects, but not from our side. PnP is using native oob APIs exposed from SharePoint, so there should not be any surprises from that perspective. In general, though PnP is open source, community driven initiative, with obvious implications from supportability perspective.
Just a quote around the supportability from the monthly communications - https://dev.office.com/blogs/pnp-august-2017-release.
Following statements apply across all of the PnP samples and solutions, including samples, core component(s) and solutions, like PnP Partner Pack.
Sep 05 2017 07:01 AM
Sep 05 2017 07:25 AM - edited Sep 06 2017 05:01 AM
Thanks Vesa for replying so quickly.
This is the answer I was looking for. I do appreciate the effort and work that has gone into the programme, what it has become over the years is very impressive. Thats why I am querying this, so I can use this library, but I have to follow a security process for due diligence. :)
Paul
Sep 05 2017 06:20 AM
SolutionNot aware of any official security checks around the PnP. Might have been done a one-off in the customer engagements/projects, but not from our side. PnP is using native oob APIs exposed from SharePoint, so there should not be any surprises from that perspective. In general, though PnP is open source, community driven initiative, with obvious implications from supportability perspective.
Just a quote around the supportability from the monthly communications - https://dev.office.com/blogs/pnp-august-2017-release.
Following statements apply across all of the PnP samples and solutions, including samples, core component(s) and solutions, like PnP Partner Pack.