SAST

SAST Analyzer based on Bandit

SAST Analyzer based on Semgrep

Codequality jobs in pipelines https://docs.gitlab.com/ee/user/project/merge_requests/code_quality.html

SAST Analyzer for NodeJS projects

Go package for implementing shared vulnerability command interface for secure analyzers

GitLab Analyzer for Infrastructure as Code (IaC) projects that calls kics. This analyzer is written in Go using the command library shared by all analyzers.

SAST Analyzer for Salesforce Apex projects based on pmd

SAST Analyzer based on Go AST Scanner

SAST Analyzer based on phpcs-security-audit

Rule Repository for GitLab SAST

SAST Analyzer for detecting leaked secrets

GitLab's semgrep image updated with Semgrep's Node.js/JavaScript/Typescript rules

Convert from SARIF to GitLab Code Quality and SAST report.

SAST Analyzer based on Flawfinder

SAST Analyzer for Kubernetes manifests based on kubesec

SAST Analyzer based on Brakeman

SAST Analyzer for Phoenix Elixir projects based on sobelow

This project is for free tier self hosted GitLab users who are running the SAST and Password Detection scrips and looking for a way to add them visibly to the merge request.

Shiftleft CLI auto builder for Docker Hub