SAST for Groovy
Problem to solve
Groovy projects are not supported by SAST, and so they cannot be checked for vulnerabilities.
Proposal
Evaluate a tool that can be integrated into the current SAST solution to support Groovy projects.
A possible candidate is find-sec-bugs, which is already used in the existing SAST project. We should extend the analyzer for Groovy as well.
What does success look like, and how can we measure that?
People will use GitLab SAST features to check for vulnerabilities in their Groovy projects.
We will be able to measure it once https://gitlab.com/gitlab-org/gitlab-ee/issues/5621 is implemented.
Edited by Fabio Busatto