SAST

SAST Analyzer based on SpotBugs and Find Sec Bugs.

SAST Analyzer based on Semgrep

SAST Analyzer for detecting leaked secrets

GitLab Analyzer for Infrastructure as Code (IaC) projects that calls kics. This analyzer is written in Go using the command library shared by all analyzers.

SAST Analyzer for Kubernetes manifests based on kubesec

SAST Analyzer for Salesforce Apex projects based on pmd

SAST Analyzer for Phoenix Elixir projects based on sobelow

A post-processor for computing the scope+offset fingerprint.

A project containing "vulnerable" code for testing GitLab SAST functionality.

Static Application Security Testing (SAST) checks your source code for known vulnerabilities.

SAST Analyzer based on Brakeman

SAST Analyzer for NodeJS projects

SAST Analyzer based on phpcs-security-audit

SAST Analyzer based on Flawfinder

SAST Analyzer for mobile applications

Test project with: Language: Ruby

Test project with: Languages: Ruby, JS - Package Managers: Bundler, Yarn

A composite project that features all the languages supported by GitLab SAST.

Test project with: Language: Ruby - Package Manager: Bundler - Framework : Rails

Static Application Security Testing (SAST) checks your source code for known vulnerabilities.