Question Relating to Aspose Security Practices

crussell.vena · March 15, 2023, 2:48pm

Hi there,

We’re currently evaluating Aspose.Cells for Java and as a next step before purchasing our Security team has a few questions that I was hoping someone could answer!

What dependencies are baked into Aspose.cells for Java? Has all the code been written in house, or does it rely on other 3rd party libraries or services?
Does the code for Aspose call anything externally? If so, does this change by plan type?
As apart of Aspose’ own security review process - Does Aspose perform static application security testing?

Thanks in advance!

simon.zhao · March 15, 2023, 3:04pm

@crussell.vena

Now Aspose.Cells for Java only depends on BouncyCastle 3rd party libraries. Please note, these libraries are used for two processes/features: applying AES encryption for Excel files and setting digital signatures of VBA project.

No.

We use SonarQube to perform static application security testing.

crussell.vena · March 16, 2023, 2:00pm

Much appreciated @simon.zhao, This answers my questions for now - Thanks!

amjad.sahi · March 16, 2023, 2:30pm

@crussell.vena,

You are welcome. Should you have further queries or comments, feel free to write us back, we will be happy to assist you soon.