Adding SAST/Secret-Detection/Dependency Scanning to .gitlab-ci.yml to provide...

Eric Rosenberg requested to merge ericrosenberg88/ase:patch-1 into master

Adding SAST/Secret-Detection/Dependency Scanning to .gitlab-ci.yml to provide output to your security & compliance section.

The information for these scans can be found at: https://docs.gitlab.com/ee/user/application_security/sast/#configuration

I ran these on a copy of your project and found a few things that I believe would be beneficial for your team to look into.

Do keep in mind that there should be, I believe, 2 false negatives from the initial scan.

Password in URL
doc/ase/db/db.rst

What I found when researching these reports looked to be an example of a username:password for a db connection. So as long as that is just an example, you can dismiss those two vulnerabilities.
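
The triage described above, sketched as an added example that is not part of the merge request or of GitLab's scanner: it flags `user:password@host` URLs in documentation text and ranks each hit as a likely placeholder or as needing review. The regex, the placeholder list, the file path and the sample text are all assumptions constructed for illustration.

```python
import re

# Simplified stand-in for a "Password in URL" rule (assumption: not GitLab's actual pattern).
URL_CRED = re.compile(
    r"(?P<scheme>[a-zA-Z][a-zA-Z0-9+.-]*)://"
    r"(?P<user>[^\s:/@]+):(?P<password>[^\s/@]+)@(?P<host>[^\s/:?#]+)"
)

# Hypothetical list of values that usually mark a documentation placeholder.
PLACEHOLDER_PASSWORDS = {"password", "passwd", "pw", "pass", "secret", "changeme", "xxx"}


def looks_like_placeholder(password):
    """Heuristic only: it ranks findings for a human, it never dismisses them."""
    p = password.lower()
    # Literal placeholder words, or template syntax such as <password>, {pw}, $PW.
    return p in PLACEHOLDER_PASSWORDS or p.startswith(("<", "{", "$"))


def scan(text, path):
    """Return one finding per credential-bearing URL; the password is not echoed."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        for m in URL_CRED.finditer(line):
            verdict = "likely-example" if looks_like_placeholder(m["password"]) else "needs-review"
            findings.append({
                "path": path,
                "line": lineno,
                "scheme": m["scheme"],
                "user": m["user"],
                "host": m["host"],
                "verdict": verdict,
            })
    return findings


# Constructed sample, not the content of any real file in the project.
SAMPLE_RST = """\
Connect to a server with a URI::

    postgresql://user:password@localhost:5432/mydb

A deployment note that should not have been committed::

    mysql://reporting:Tr1ckyP4ss9x@db.internal.test:3306/results

Plain links such as https://docs.gitlab.com/ee/user/ are ignored.
"""

if __name__ == "__main__":
    for finding in scan(SAMPLE_RST, "docs/example.rst"):
        print(finding)
```

A `likely-example` verdict still goes to a reviewer before the finding is dismissed in the vulnerability report.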
