SAST for Node.js

Problem to solve

Provide SAST functionalities for Node.js projects.

Proposal

Add Node.js support to our SAST feature using an existing open-source tool, like https://github.com/ajinabraham/NodeJsScan. There's even a Docker image with a CLI.

What does success look like, and how can we measure that?

We should check how many projects use the Node.js SAST image. Also, we can get feedback from customers that are requesting this.

Links / references

  • https://github.com/ajinabraham/NodeJsScan
  • https://hub.docker.com/r/opensecurity/nodejsscan/
Edited Jun 08, 2018 by Fabio Busatto