S

SAST

An end to end DevSecOps pipeline with features including SAST Scanning of the Source code, SBOM management, and Container image scan, before pushing to EKS.

Go package for implementing customized rulesets for SAST analyzers

Integrate OpenText Application Security (Fortify) with full access to 'fcli' commands for SAST, DAST, SCA, reporting and REST API capabilities.

Shiftleft CLI auto builder for Docker Hub

Codequality jobs in pipelines https://docs.gitlab.com/ee/user/project/merge_requests/code_quality.html

Veracode Fix for GitLab

Test project for Java Gradle

Test project with: Language: Python - Package Manager: Pip

Collection of shell scripts packaged with SAST analyzers to enable post-analyzer integrations.

A project containing leaked secrets and tokens.

A project containing "vulnerable" code for testing GitLab SAST functionality.

Veracode upload and scan component. This component will run a Veracode static scan as Sandbox scan or as policy scan.

Veracode Pipeline Scan Component This Veracode Pipeline Scan component runs the Veracode pipeline-scan as an action on any GitHub pipeline

The only pre-requisites is to have the application compiled/packaged according the Veracode Packaging Instructions here

About The pipeline-scan component is designed to be used in a CI/CD pipeline to submit a binary or source code zip to Veracode for security scanning.

For more information on Pipeline Scan, visit the Veracode Docs.

Veracode SAST Packaging Component This component will run the Veracode CLI package command to prepare the repository for static code analysis. Generated artifacts will be stored behind the name veracode-artifacts.

Test project with: Language: Php - Package Manager: Composer

Test project with: Language: Java - Platform: Android

Test project with: Language: Apex - Package Manager: SFDX

Test project with: Language: Go - Package Manager: Go mod