sast-scan
Fully open-source SAST scanner supporting a range of languages and frameworks. Integrates with major CI pipelines and IDEs such as Azure DevOps, Google CloudBuild, VS Code and Visual Studio. No server...
It appears that Visual Studio 2019 with the SARIF viewer extension is not working quite well. - Visual Studio is expecting the version attribute to be at the top! When we...
Commercial folks are able to scan pull requests and add the results directly as a comment. Let's implement this feature entirely in actions without involving any server! Instead of bloating...
It appears that only certain tools (bandit, gosec) respect the #nosec comment to filter out false positives. Find Security Bugs seems to be using the `@SuppressFBWarnings` annotation. It will be nice...
For some tools that generate relative URLs, such as gitleaks and pmd, the code auto-prefixes the workspace for each result to make the location absolute. As per the SARIF specification, it should be...
Need sample Jenkins pipeline with some screenshots and guidance.
Need sample AWS CodeBuild/CodePipeline YAML with screenshots.