Extend the advisor with Static Application Security Testing (SAST)

Open sschuberth opened this issue 2 years ago • 2 comments

We could extend the advisor's capabilities for static code analysis, esp. with a focus on security, like with any of these (alphabetical order):

See e.g. here for an overview.

sschuberth, Jul 18 '23 11:07

@sschuberth Note that Bearer is under the Elastic License 2.0, which does not allow providing Bearer CLI to third parties as a hosted or managed service. This will be an issue for several ORT users, such as Bosch.

tsteenbe, Jul 18 '23 23:07

To start with, we should probably do like GitLab does and use Semgrep for pretty much everything.

sschuberth, Jul 04 '24 14:07