S

SAST

Codequality jobs in pipelines https://docs.gitlab.com/ee/user/project/merge_requests/code_quality.html

GitLab's semgrep container image augmented with hundreds of additional Node.js/JavaScript/Typescript and Go rules from Semgrep's rule repository.

GitLab Analyzer for Infrastructure as Code (IaC) projects that calls kics. This analyzer is written in Go using the command library shared by all analyzers.

SAST Analyzer for detecting leaked secrets

SAST Analyzer based on Semgrep

Rule Repository for GitLab SAST

A post-processor for computing the scope+offset fingerprint.

Go package for implementing shared vulnerability command interface for secure analyzers

Go package for implementing shared vulnerability structs for secure analyzers

Static Application Security Testing (SAST) checks your source code for known vulnerabilities.

SAST Analyzer for Phoenix Elixir projects based on sobelow

A project containing "vulnerable" code for testing GitLab SAST functionality.

Go package for implementing customized rulesets for SAST analyzers

Collection of shell scripts packaged with SAST analyzers to enable post-analyzer integrations.

Test project for Java Gradle with Kotlin build script

Test project with: Language: Go - Package Manager: Go mod

Test project with: Language: Python - Package Manager: Pipenv

Test project for Java Gradle

Test project with: Language: Scala - Package Manager: Sbt

Test project with: Language: Java - Package Manager: Maven - Type: MultiModule