S

SAST

SAST Analyzer based on Semgrep

Project Description gerdmate-infra is the infrastructure codebase for the GERDmate platform – a modern digital health solution focused on monitoring and managing Gastroesophageal Reflux Disease (GERD) using AI and wearable data.

This repository contains all the necessary Infrastructure-as-Code (IaC) configurations, CI/CD pipeline definitions, security integrations, and observability tooling to support the deployment and scaling of GERDmate services across cloud environments.

GitLab's semgrep container image augmented with hundreds of additional Node.js/JavaScript/Typescript and Go rules from Semgrep's rule repository.

GitLab Analyzer for Infrastructure as Code (IaC) projects that calls kics. This analyzer is written in Go using the command library shared by all analyzers.

SAST Analyzer for detecting leaked secrets

Rule Repository for GitLab SAST

Go package for implementing shared vulnerability structs for secure analyzers

SAST Analyzer based on SpotBugs and Find Sec Bugs.

Go package for implementing shared vulnerability command interface for secure analyzers

Static Application Security Testing (SAST) checks your source code for known vulnerabilities.

A post-processor for computing the scope+offset fingerprint.

An end to end DevSecOps pipeline with features including SAST Scanning of the Source code, SBOM management, and Container image scan, before pushing to EKS.

SAST Analyzer for Salesforce Apex projects based on pmd

SAST Analyzer for Phoenix Elixir projects based on sobelow

SAST Analyzer for Kubernetes manifests based on kubesec

Go package for implementing customized rulesets for SAST analyzers

Go packages to implement analyzers

Integrate OpenText Application Security (Fortify) with full access to 'fcli' commands for SAST, DAST, SCA, reporting and REST API capabilities.

Shiftleft CLI auto builder for Docker Hub

Codequality jobs in pipelines https://docs.gitlab.com/ee/user/project/merge_requests/code_quality.html