
Update: 07-implementation/00-toc to include a section on SAST

Open · jgadsden opened this issue 1 year ago

Describe what change you would like:
It would be good to have a section on static analysis in the implementation section, and add semgrep to the new section.

Context:
Section: 07-implementation/00-toc

semgrep: https://semgrep.dev/docs/getting-started/quickstart-oss/

jgadsden avatar Mar 22 '24 10:03 jgadsden

There are no OWASP SAST tools, but the open source semgrep project is the closest.

jgadsden avatar Aug 19 '24 11:08 jgadsden

Hey, in this case isn't OWASP LAPSE+ a valid OWASP SAST tool? It's been a while since they updated their repo though.

pUrGe12 avatar Feb 27 '25 05:02 pUrGe12

8 years is a very long time in the security world, and so we could not include the LAPSE+ tool in the developer guide; we are trying to keep the DevGuide as brief as we can. On the other hand, semgrep is open source, maintained and widely used.

jgadsden avatar Feb 27 '25 09:02 jgadsden