S

SAST

An example project staged to demonstrate the usage of Veracode's SAST scanning tools within CI/CD pipeline.

Veracode upload and scan component. This component will run a Veracode static scan as Sandbox scan or as policy scan.

Veracode Pipeline Scan Component This Veracode Pipeline Scan component runs the Veracode pipeline-scan as an action on any GitHub pipeline

The only pre-requisites is to have the application compiled/packaged according the Veracode Packaging Instructions here

About The pipeline-scan component is designed to be used in a CI/CD pipeline to submit a binary or source code zip to Veracode for security scanning.

For more information on Pipeline Scan, visit the Veracode Docs.

Veracode SAST Packaging Component This component will run the Veracode CLI package command to prepare the repository for static code analysis. Generated artifacts will be stored behind the name veracode-artifacts.

Veracode Fix for GitLab

Test project with: Language: Typescript - Package Manager: Yarn

A post-processor for computing the scope+offset fingerprint.

Gitlab CI / CD templates for easy jobs and pipelines

SAST Analyzer based on SpotBugs and Find Sec Bugs.

SAST Analyzer for Phoenix Elixir projects based on sobelow

Shiftleft CLI auto builder for Docker Hub

SAST Analyzer based on Semgrep

Security scans as pipeline jobs. SAST, Secret Detection, etc.

SAST Analyzer for detecting leaked secrets

A project containing leaked secrets and tokens.

Collection of shell scripts packaged with SAST analyzers to enable post-analyzer integrations.

This repository is part of a master thesis featured on https://scrap.tantemalkah.at and highlights the evaluation of currently maintained F/LOSS static analysis tools for PHP.

Test project with: Language: Scala - Package Manager: Sbt

A ncurses interface to read Gitlab's SAST reports

Rule Repository for GitLab SAST