SAST
Projects with this topic
-
GitLab's semgrep container image augmented with hundreds of additional Node.js/JavaScript/Typescript and Go rules from Semgrep's rule repository.
Updated -
Rule Repository for GitLab SAST
Updated -
Go package for implementing customized rulesets for SAST analyzers
Updated -
SAST Analyzer for detecting leaked secrets
Updated -
SAST Analyzer for Phoenix Elixir projects based on sobelow
Updated -
-
GitLab Analyzer for Infrastructure as Code (IaC) projects that calls kics. This analyzer is written in Go using the command library shared by all analyzers.
Updated -
A post-processor for computing the scope+offset fingerprint.
UpdatedUpdated -
SAST Analyzer based on SpotBugs and Find Sec Bugs.
Updated -
Go package for implementing shared vulnerability command interface for secure analyzers
Updated -
SAST Analyzer based on Semgrep
Updated -
A project containing "vulnerable" code for testing GitLab SAST functionality.
Updated -
SAST Analyzer for Kubernetes manifests based on kubesec
Updated -
Go packages to implement analyzers
Updated -
SAST Analyzer for Salesforce Apex projects based on pmd
Updated -
SAST Analyzer for .NET projects
Updated -
Codequality jobs in pipelines https://docs.gitlab.com/ee/user/project/merge_requests/code_quality.html
Updated -
Go package for implementing shared vulnerability structs for secure analyzers
Updated -
Veracode Pipeline Scan Component This Veracode Pipeline Scan component runs the Veracode pipeline-scan as an action on any GitHub pipeline
The only pre-requisites is to have the application compiled/packaged according the Veracode Packaging Instructions here
About The pipeline-scan component is designed to be used in a CI/CD pipeline to submit a binary or source code zip to Veracode for security scanning.
For more information on Pipeline Scan, visit the Veracode Docs.
Updated -
SAST Analyzer based on Go AST Scanner
Updated