LogoLogo
  • Mojaloop Documentation
  • LICENSE
  • Mojaloop Docs 2.0 Contributing Guide
  • tmp-regex
  • docs
    • index
    • adoption
      • About the Mojaloop Adoption documents
      • Scheme
        • Platform Operating Guideline Template
        • Scheme Business Rules Template
        • Scheme Key Choices
        • scheme-participation-agreement
        • scheme-uniform-glossary
      • guides
        • RBAC Context
      • HubOperations
        • Onboarding
          • Business onboarding of DFSPs
          • Introduction – Onboarding Guide for the Hub Operator
          • Technical onboarding of DFSPs
        • Portalv2
          • Accessing the portal
          • Introduction – Guide to Finance Portal v2
          • Checking settlement details
          • Disabling and re-enabling transactions for a DFSP
          • Checking settlement window details
          • Monitoring DFSP financial details
          • Recording funds in or funds out for a DFSP
          • Searching for transfer data
          • Settlement process
          • Settling
          • Updating the Net Debit Cap of a DFSP
        • RBAC
          • RBAC Context
        • Settlement
          • Ledgers in the Hub
          • Basic concepts
          • Introduction – Settlement Management Guide
        • TechOps
          • Change management
          • Defect triage
          • Appendix A: Incident management escalation matrix
          • Incident management
          • Glossary
          • Problem management
          • Release management
          • Appendix B: Service Level Agreements
          • Introduction – Technical Operations Guide
    • Welcome to Mojaloop Community
      • Using Vue in Markdown
      • Publications
      • The Mojaloop Roadmap
      • contributing
        • Code Of Conduct
        • Consequential Change Process
        • Contributors' Guide
        • Critical Change Process
        • Disclosing and Receiving Information Regarding Security Vulnerabilities
        • Technical Design Review & Code Review
        • New Contributor Checklist
        • Mojaloop Product Engineering Process
        • Signing the CLA
      • documentation
        • API Documentation
        • Documentation
        • Documentation Style Guide
      • standards
        • Creating new Features
        • Standards
        • Mojaloop Invariants
        • Triaging Mojaloop OSS bugs
        • Versioning
      • tools
        • QA and Regression Testing in Mojaloop
        • CI/CD Pipelines
        • Code Quality Metrics
        • cybersecurity
        • Pragmatic REST
        • test
        • Tools and Technologies
      • archive
        • Discussion Documents (Archive)
          • AWS Tagging Guidelines + Policies
          • Code_Improvement Project
          • Cross Border Discussion Day 1
          • Cross Border Meeting Notes Day 2
          • crossborder
          • ISO integration Overivew
          • Mojaloop Decimal Type; Based on XML Schema Decimal Type
          • Performance Workstream
          • PISP (3rd party payment initiation)
          • versioning-draft-proposal
          • Mojaloop Lab/Workbench Discussion
        • OSS Meeting Group Notes (Archive)
          • CCB Notes
          • DA meetings: Overview
          • Scrum-of-scrum meeting notes
    • Your First Action
      • Demo One
      • Demos
      • Frequently Asked Questions
      • General FAQs
      • LICENSE
      • Quickstart One
      • Quickstart Two
      • Quickstarts
      • Technical FAQs
      • demos
        • Financial Inclusion 101
        • Inside the Loop
        • Mojaloop Overview
        • What is RTP?
        • What Makes a Successful Financial Ecosystem?
        • Why Mojaloop?
        • Working with Mojaloop
      • installation
        • Installing Mojaloop
    • Welcome to Mojaloop the Product
      • features
        • Cross Border Transactions
        • Foreign Exchange
        • Interconnecting Payment Schemes
        • Connectivity
        • Engineering Principles
        • Foreign Exchange - Currency Conversion
        • Interscheme
        • Invariants
        • ISO 20022
        • Merchant Payments
        • ml-feature-list
        • Portals and Operational Features
        • Risk Management
        • Mojaloop Transactions
        • Use Cases
        • Iso20022
          • 8. Appendix A: Payment Identifier Type Codes
          • MarketPracticeDocument
          • script
            • 7.4 POST /fxQuotes/
            • 7.5 PUT /fxQuotes/{ID}
            • 7.6 PUT /fxQuotes/{ID}/error
            • 7.13 PATCH /fxTransfers/{ID}
            • 7.10 POST /fxTransfers
            • 7.11 PUT /fxTransfers/{ID}
            • 7.12 PUT /fxTransfers/{ID}/error
            • 7.1 GET /parties/{type}/{partyIdentifier}[/{subId}]
            • 7.2 PUT /Parties/{type}/{partyIdentifier}[/{subId}]
            • 7.3 PUT /parties/{type}/{partyIdentifier}[/{subId}]/error
            • 7.7 POST /quotes
            • 7.8 PUT /quotes/{ID}
            • 7.9 PUT /quotes/{ID}/error
            • 7.17 PATCH /transfers/{ID}
            • 7.14 POST /transfers
            • 7.15 PUT /transfers/{ID}
            • 7.16 PUT /transfers/{ID}/error
    • Your First Action
      • Your First Action
      • Your First Action
    • Mojaloop Technical Overview
      • Frequently Asked Questions
      • API Catalog
        • LICENSE
        • Administration API
          • Central Ledger API
        • FSPIOP API
          • FSPIOP API
          • Generic Transaction Patterns
          • Glossary
          • JSON Binding Rules
          • Logical Data Model
          • Public Key Infrastructure Best Practices
          • sandbox
          • Scheme Rules
          • Use Cases
          • api-definition
            • api-definition
          • v1.1
            • api-definition
            • Encryption
            • Signature
        • Settlement API
        • Third Party API
          • data-models
          • transaction-patterns-linking
          • transaction-patterns-transfer
          • Transaction Patterns
      • Introduction
        • Micro-frontend - JAMStack design
        • Report Developer Guide
        • Reporting bounded context implementation
        • RBAC Operational API implementation
        • Settlement Operational Implementation
      • reference-architecture
        • index
        • boundedContexts
          • Bounded Context
          • accountLookupAndDiscovery
            • Account Lookup And Discovery BC
          • accountsAndBalances
            • Accounts and Balances BC
          • auditing
            • Auditing BC
          • commonInterfaces
            • Common Interface List
          • commonTermsConventions
            • Common Terms and Conventions Used
          • fspInteropApi
            • FSP Interoperability API BC
          • logging
            • Logging BC
          • notificationsAndAlerts
            • Notifications and Alerts BC
          • participantLifecycleManagement
            • Participant Lifecycle Management BC
          • platformMonitoring
            • {name} BC
          • quotingAgreement
            • Quoting/Agreements BC
          • reporting
            • Reporting BC
          • scheduling
            • Scheduling BC
          • security
            • Security BC
          • settlements
            • Settlements BC
          • thirdPartyApi
            • Third Party API BC
          • transfers
            • Transfers BC
        • Further Reading
        • Getting Started
          • Sub Menu
        • TBD Placeholder
        • TBD Placeholder for vNext Implementation architecture
        • introduction
          • Introduction
        • refarch
          • Mojaloop Reference Architecture Overview
      • technical
        • Mojaloop Release Process
        • Account Lookup Service
          • DELETE Oracles
          • GET Oracles
          • POST Oracles
          • PUT Oracles
          • DELETE Endpoint Cache
          • DEL Participants
          • GET Participants
          • GET Parties
          • Sequence Diagram for POST Participants (Batch)
          • POST Participant
        • Bulk Transfers Design
          • Mojaloop Bulk Transfer operations
            • Bulk Prepare Transfer Request [Overview] [includes individual transfers in a bulk]
            • Bulk Prepare handler consume
            • Prepare handler consume [that includes individual transfers in a bulk]
            • Position Handler Consume [that includes individual transfers in a bulk]
            • Prepare Position Handler Consume [that includes individual transfers in a bulk]
            • Bulk Processing Handler Consume
            • Bulk Fulfil Transfer Request Overview
            • Bulk Fulfil Handler Consume
            • Payee sends a Bulk Fulfil Transfer request - Bulk is broken down into individual transfers
            • Payee sends a Bulk Fulfil Transfer request - Bulk is broken down into individual transfers
            • Fulfil Position Handler Consume [that includes individual transfers in a bulk]
            • Position Handler Consume for Fulfil aborts at individual transfer level
            • Transfer Timeout [includes individual transfers in a Bulk]
            • TimeOut Handler
            • Bulk Transfer Abort Overview [includes individual transfers in a Bulk]
            • Get Bulk Transfer Overview
        • Central Event Processor Service
          • Event Handler Placeholder
          • Notification Handler for Rejections
          • Signature Validation
        • Central-Ledger Services
          • Mojaloop HUB/Switch operations
            • GET Health Check
            • GET Participant Limit Details For All Participants
            • Create initial position and limits for Participant
            • Request Participant Position and Limit Details
            • Adjust Participant Limit for a certain Currency
            • Request transfer status
            • 3.1.0 Get Participant Callback Details
            • 3.1.0 Add Participant Callback Details
            • Get Participant Position Details
            • Get Position Details for all Participants
          • Mojaloop Transfer operations
            • Prepare Transfer Request
            • Prepare handler consume
            • Prepare handler consume
            • Position handler consume
            • Position handler consume
            • Send Notification to Participant v1.1
            • Send Notification to Participant
            • Send Notification to Participant
            • Position Handler Consume v1.1
            • Position Handler Consume
            • Prepare Position Handler Consume
            • Fulfil Position Handler Consume v1.1
            • Fulfil Position Handler Consume
            • Abort Position Handler Consume
            • Fulfil Transfer Request success v1.1
            • Fulfil Transfer Request success
            • Fulfil Handler Consume (Success) v1.1
            • Fulfil Handler Consume (Success)
            • Payee sends a Fulfil Abort Transfer request v1.1
            • [Outdated] Payee sends a Fulfil Reject Transfer request
            • Payee sends a PUT call on /error end-point for a Transfer request v1.1
            • Payee sends a PUT call on /error end-point for a Transfer request
            • Fulfil Handler Consume (Reject/Abort)
            • Fulfil Handler Consume (Reject/Abort)
            • Transfer Timeout
            • Timeout Handler Consume
          • assets
            • How to EDIT the central-ledger-schema-DBeaver.erd file
        • Mojaloop Deployment
          • Deployment Troubleshooting
          • Mojaloop Repository Update Sequence
          • nodejs-dependency-update-guide
          • Upgrade Commands
          • Upgrade Strategy Guide
        • Event Framework
        • Event Stream Processor Service
        • Fraud Services
          • related-documents
            • Ecosystem Fraud Documentation
        • Mojaloop Testing Toolkit
        • Mojaloop Hub
          • Mojaloop Hub Current Components - PI11
          • Mojaloop Hub Current Components - PI12
          • Mojaloop Hub Current Components - PI14
          • Mojaloop Hub Current Components - PI18
          • Mojaloop Hub Legacy Components - PI3
          • Mojaloop Hub Legacy Components - PI5
          • Mojaloop Hub Legacy Components - PI6
          • Mojaloop Hub Legacy Components - PI7
          • Legacy Architecture - PI8
        • Quoting Service Overview
          • GET Quote By ID
          • GET Quote By ID
          • POST Quote
          • POST Quote
        • SDK Scheme Adapter
          • Integration Core Banking Systems using Bulk transfers
          • Integrating Core Banking Systems to Mojaloop Patterns
          • Request To Pay (R2P) - use-case support
          • SDK Support for Bulk Transfers - Overview
            • SDK Support for Bulk Transfers - API
            • SDK Support for Bulk Transfers - DDD and Event Sourcing Design
            • SDK Support for Bulk Transfers - Tests
          • usage
            • SDK Scheme Adapter and Local K8S cluster testing
            • SDK Scheme Adapter and WSO2 API Gateway
            • Scheme Adapter to Scheme Adapter testing
          • assets
            • sequence
              • Bulk Transfers
        • Transaction Requests Service
          • Transaction Requests
          • Transaction Requests - Query
          • Transaction Requests
      • central-fx-transfers
        • Mojaloop FX Transfer Operations
          • FX Prepare Transfer Request
          • FX Prepare Handler Consume
          • FX Position Handler Consume
          • Send Notification to Participant v2.0
          • Fulfil Transfer Request success
          • FXP sends a Fulfil Abort FX Transfer request
    • .vuepress
      • vuepres-theme-titanium
        • CHANGELOG
  • infra
    • state
    • src
      • redirect
        • link_list
  • Notifications
    • Gitbook information
    • LICENSE
    • Documentation Notes
    • Table of contents
    • Changelog
    • Glossary of Terms
    • Mojaloop Background
    • Mojaloop Publications
    • Mojaloop Roadmap
    • Onboarding
    • API Specifications
      • ALS Oracle
      • Central Ledger API
      • Central Settlements
      • Mojaloop
    • Contributors Guide
      • Mojaloop Code of Conduct
      • FAQ
      • New Contributor Checklist
      • personas
      • Signing the CLA
      • Documentation
        • API Documentation
        • Documentation Style Guide
      • Standards
        • Creating new Features
        • Triaging Mojaloop OSS bugs
        • Versioning
      • Tools and Technologies
        • Automated License Scanning
        • QA and Regression Testing in Mojaloop
        • AWS CLI
        • Code Quality Metrics
        • Pragmatic REST
    • Mojaloop Deployment
      • Troubleshooting
      • Deployment with (Deprecated) Helm v2
      • Helm v2 to v3 Migration Guide
      • Local Setup Linux
      • Mojaloop local environment setup for Mac
      • Mojaloop local environment setup for Windows
      • Releases
      • Upgrade Strategy Guide
    • discussions
      • iso-integration
      • AWS Tagging Guidelines + Policies
      • Code_Improvement Project
      • Cross Border Discussion Day 1
      • Cross Border Discussion Day 2
      • cross-border
      • Mojaloop Decimal Type; Based on XML Schema Decimal Type
      • Discussion Documents
      • Performance Workstream
      • PISP (3rd party payment initiation)
      • versioning_draft_proposal
      • Workbench Workstream
    • Hackathon Materials
      • ModusBox Mojaloop Lab
      • Hackathon Pre-Read:
    • Mojaloop DA, CCB, Scrum-of-scrum Notes
      • CCB meetings: Overview
      • DA meeting notes
      • Meeting Notes from Weekly Scrum-of-scrum meetings
    • Mojaloop Background
      • Core Scenarios
      • Level One Principles
    • Mojaloop Technical Overview
      • Account-Lookup Service
        • DELETE Oracles
        • GET Oracles
        • POST Oracles
        • PUT Oracles
        • DELETE Endpoint Cache
        • DEL Participants
        • GET Participants
        • GET Parties
        • Sequence Diagram for POST Participants (Batch)
        • POST Participant
      • Bulk Transfer Operations
        • Mojaloop Bulk Transfer operations.
          • Bulk Prepare Transfer Request [Overview] [includes individual transfers in a bulk]
          • Bulk Prepare handler consume
          • Prepare handler consume [that includes individual transfers in a bulk]
          • Position Handler Consume [that includes individual transfers in a bulk]
          • Prepare Position Handler Consume [that includes individual transfers in a bulk]
          • Bulk Processing Handler Consume
          • Bulk Fulfil Transfer Request Overview
          • Bulk Fulfil Handler Consume
          • Payee sends a Bulk Fulfil Transfer request - Bulk is broken down into individual transfers
          • Payee sends a Bulk Fulfil Transfer request - Bulk is broken down into individual transfers
          • Fulfil Position Handler Consume [that includes individual transfers in a bulk]
          • Position Handler Consume for Fulfil aborts at individual transfer level
          • Transfer Timeout [includes individual transfers in a Bulk]
          • TimeOut Handler
          • Bulk Transfer Abort Overview [includes individual transfers in a Bulk]
          • Get Bulk Transfer Overview
      • Central-Event-Processor Services
        • Notification Handler for Rejections
        • Event Handler Placeholder
        • Signature Validation
      • Central-Ledger Services
        • Mojaloop HUB/Switch operations
          • GET Health Check
          • GET Participant Limit Details For All Participants
          • Create initial position and limits for Participant
          • Request Participant Position and Limit Details
          • Adjust Participant Limit for a certain Currency
          • Request transfer status
          • 3.1.0 Get Participant Callback Details
          • 3.1.0 Add Participant Callback Details
          • Get Participant Position Details
          • Get Position Details for all Participants
        • Mojaloop Transfer operations
          • Prepare Transfer Request
          • Prepare handler consume
          • Prepare handler consume
          • Position handler consume
          • Position handler consume
          • Send Notification to Participant v1.1
          • Send Notification to Participant
          • Send Notification to Participant
          • Position Handler Consume v1.1
          • Position Handler Consume
          • Prepare Position Handler Consume
          • Fulfil Position Handler Consume v1.1
          • Fulfil Position Handler Consume
          • Abort Position Handler Consume
          • Fulfil Transfer Request success v1.1
          • Fulfil Transfer Request success
          • Fulfil Handler Consume (Success) v1.1
          • Fulfil Handler Consume (Success)
          • Payee sends a Fulfil Abort Transfer request v1.1
          • [Outdated] Payee sends a Fulfil Reject Transfer request
          • Payee sends a PUT call on /error end-point for a Transfer request v1.1
          • Payee sends a PUT call on /error end-point for a Transfer request
          • 2.2.1-fulfil-reject-handler-v1.1
          • 2.2.1-fulfil-reject-handler
          • 2.3.0-transfer-timeout
          • 2.3.1-timeout-handler-consume
        • assets
          • How to EDIT the central-ledger-schema-DBeaver.erd file
      • Central-Settlements Service
        • OSS Settlement Business Requirements Document
        • Funds In/Out
          • Funds In - Prepare, Reserve, Commit
          • Funds Out - Abort
          • Funds Out - Commit
          • Funds Out - Prepare & Reserve
          • Reconciliation Transfer Prepare
          • Transfer State and Position Change
        • Settlement Process
          • Request Settlement
          • Request Settlement By SPA
          • Request Settlement Window
          • Settlement Windows By Params
          • Request Settlements By Params
          • Gross Settlement Handler
          • Close Settlement Window
          • Create Settlement
          • Settlement Abort
          • Settlement Transfer Acknowledgment
          • Rules Handler
      • Event Framework
      • Event Stream Processor Service
      • Fraud Services
        • related-documents
          • Fraud Services
      • ML Testing Toolkit
      • Mojaloop Hub
        • Legacy Architecture - PI11
        • Mojaloop Hub Current Components - PI12
        • Current Architecture - PI14
        • Legacy Architecture - PI3
        • Legacy Architecture - PI5
        • Legacy Architecture - PI6
        • Mojaloop Hub Legacy Components - PI7
        • Mojaloop Hub Legacy Components - PI8
      • Quoting Service Overview
        • GET Quote By ID
        • GET Quote By ID
        • POST Quote
        • POST Quote
      • SDK Scheme Adapter
        • usage
          • Scheme Adapter to Local ML Cluster
          • SDK Scheme Adapter and WSO2 API Gateway
          • Scheme Adapter to Scheme Adapter
      • Transaction Requests Service
        • Transaction Requests
        • Transaction Requests - Query
        • Transaction Requests
    • Code Quality and Security
      • Reference Implementation
      • snyk_investigation
      • Program Management
        • Scheme Rules Guidelines
        • Vulnerability Reporting
      • Standards + Guidelines
        • Audit Logging Standard
        • Log Analysis Report – 03 Oct 2020
    • Repo Details
      • Helm
      • Project
  • Versioned Docs
    • versioned_docs
      • v1.0.1
        • index
        • API Catalog
          • Administration API
            • Central Ledger API
          • FSPIOP API
            • FSPIOP API
            • Generic Transaction Patterns
            • Glossary
            • JSON Binding Rules
            • Logical Data Model
            • Public Key Infrastructure Best Practices
            • sandbox
            • Scheme Rules
            • Use Cases
            • v1.0
              • v1.0
            • v1.1
              • api-definition
              • Encryption
              • Signature
          • settlement
          • Third Party API
            • data-models
            • transaction-patterns-linking
            • transaction-patterns-transfer
            • Transaction Patterns
            • thirdparty-api/assets
        • Welcome to Mojaloop Community
          • Using Vue in Markdown
          • Publications
          • The Mojaloop Roadmap
          • contributing
            • Mojaloop Code of Conduct
            • Contributors' Guide
            • New Contributor Checklist
            • Signing the CLA
          • documentation
            • API Documentation
            • Documentation
            • Documentation Style Guide
          • standards
            • Creating new Features
            • Standards
            • ML OSS Bug Triage
            • Versioning
          • tools
            • QA and Regression Testing in Mojaloop
            • CI/CD Pipelines
            • Code Quality Metrics
            • Pragmatic REST
            • Tools and Technologies
          • archive
            • Discussion Documents (Archive)
              • AWS Tagging Guidelines + Policies
              • Code_Improvement Project
              • Cross Border Meeting Notes Day 1
              • Cross Border Discussion Day 2
              • cross-border
              • iso-integration
              • Mojaloop Decimal Type; Based on XML Schema Decimal Type
              • Performance Workstream
              • PISP (3rd party payment initiation)
              • versioning-draft-proposal
              • Mojaloop Lab/Workbench Discussion
            • OSS Meeting Group Notes (Archive)
              • CCB meetings: Overview
              • DA meetings: Overview
              • Meeting Notes from Weekly Scrum-of-scrum meetings
        • Your First Action
          • Demo One
          • Demos
          • Frequently Asked Questions
          • General FAQs
          • Quickstart One
          • Quickstart Two
          • Quickstarts
          • Technical FAQs
        • Your First Action
          • Your First Action
          • Your First Action
        • Mojaloop Technical Overview
          • Frequently Asked Questions
          • Account Lookup Service
            • DELETE Oracles
            • GET Oracles
            • POST Oracles
            • PUT Oracles
            • DELETE Endpoint Cache
            • DEL Participants
            • GET Participants
            • GET Parties
            • Sequence Diagram for POST Participants (Batch)
            • POST Participant
          • Central Event Processor Service
            • Event Handler Placeholder
            • Notification Handler for Rejections
            • Signature Validation
          • Event Framework
          • Event Stream Processor Service
          • Fraud Services
            • related-documents
              • Fraud Services
          • Mojaloop Testing Toolkit
          • Mojaloop Hub
            • Mojaloop Hub Current Components - PI11
            • Current Architecture - PI12
            • Mojaloop Hub Current Components - PI14
            • Mojaloop Hub Legacy Components - PI3
            • Mojaloop Hub Legacy Components - PI5
            • Mojaloop Hub Legacy Components - PI6
            • Legacy Architecture - PI7
            • Mojaloop Hub Legacy Components - PI8
          • Quoting Service Overview
            • GET Quote By ID
            • GET Quote By ID
            • POST Quote
            • POST Quote
          • SDK Scheme Adapter
            • usage
              • SDK Scheme Adapter and Local K8S cluster testing
              • Scheme Adapter to WSO2 API Gateway
              • Scheme Adapter to Scheme Adapter testing
          • Transaction Requests Service
            • Transaction Requests
            • Transaction Requests - Query
            • Transaction Requests
Powered by GitBook
On this page
  • 1. Architectural Implementations
  • 2. Code level security measures

Was this helpful?

  1. Notifications
  2. Code Quality and Security

Reference Implementation

PreviousCode Quality and SecurityNextsnyk_investigation

Last updated 4 years ago

Was this helpful?

Reference implementations are standard, and guidelines as applied on the Mojaloop standard API. The target audience is architects, DevOps teams, security engineering, QA teams and Developers.

1. Architectural Implementations

2. Code level security measures

    1. Open Source Vulnerability Management

      • i. + npm-audit-resolver

      • ii.

    1. Open Source License Management - NPM Audit,

    1. Static Code Analysis – SonarQube in progress, details coming soon

    1. Container Security

      • i.

Signature Standard
Encryption Standard
Interledger Cryptographic interlock
Secure PISP Account Linking
Certificate Management (MCM)
npm
GitHub/Dependabot
license-scanner
Anchore-cli