...

Quality assurance and management (QA) usually relies on tests conducted at different levels. In GÉANT it is the SDTs who are responsible for organizing and executing tests, although there are some best practices for SDTs (elaborated by WP9T2) that provide recommendations to the teams in that respect. Another pillar of quality is static code analysis and review, which is as important as software testing and is necessary to deliver high-quality software products. WP9T2 offers a variety of code review services: from an assessment performed solely by a tool (SonarQube and WhiteSource Mend) and interpreted by WP9T2's experts, up to a comprehensive review conducted by human subject-matter experts. The services provide a high level of security- and maintainability-related protection for the GÉANT products and can be customized to fit the SDTs' needs.

...

Management of external software libraries, their licences and their mutual compatibility is also a crucial concern for GÉANT. WP9T2 offers a service based on the WhiteSource Mend tool, which scans the software files and identifies the licences of various product components. It can also be used to support the interpretation of the mutual compatibility of the licences present and the identification of components with licences that are not compatible with the product's licence. In addition, it identifies obsolete versions of libraries and those that are known to be vulnerable.

...