SAST for TypeScript

Problem to solve

Currently, SAST scanning filters for JavaScript files (.js).

Proposal

Consider adding TypeScript files, *.ts and *.tsx.

Tasks

  • Evaluate the tool (https://gitlab.com/gitlab-org/gitlab-ee/issues/7158#note_142924174)
  • Implement the new analyzer (gitlab-org/security-products/analyzers/tslint!1 (merged))
  • Update test projects to use the new analyzer (gitlab-org/security-products/tests/typescript-yarn!1 (merged))
  • Update QA (https://gitlab.com/gitlab-org/security-products/release/merge_requests/33)
  • Update Docs
    • https://docs.gitlab.com/ee/user/project/merge_requests/sast.html (https://gitlab.com/gitlab-org/gitlab-ee/merge_requests/9699)
    • https://gitlab.com/gitlab-org/security-products/sast/blob/master/docs/analyzers.md (gitlab-org/security-products/sast!119 (merged))
    • https://docs.google.com/presentation/d/1z4v6v_lP7BHCP2jfRJ9bK_XoUgQ9XW01X2ZhQcon8bY/edit#slide=id.g2823c3f9ca_0_9

Links / references

ZD https://gitlab.zendesk.com/agent/tickets/100372

Edited Mar 06, 2019 by Lucas Charles