Refine SAST analyzer detection beyond base language
Problem to solve
Our SAST templates match on filetype, but our analyzers have more refined compatibilities; for example, brakeman is Rails-specific, not Ruby-specific. We should update our rules detection accordingly.
Intended users
User experience goal
Less failed/unneeded SAST jobs due to incompatibility
Proposal
Update rules logic for relevant SAST jobs.
Further details
Relevant analyzers:
- `brakeman-sast` should rely on Rails detection (`config/routes.rb`)
- `nodejs-scan-sast` should rely on `package.json` detection
- `sobelow-sast` should rely on `mix.exs` detection
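An illustration of the proposed rules change as a `.gitlab-ci.yml` fragment (an added example, not the project's own template): each analyzer job keys its `exists:` clause on the framework marker file listed above instead of on the base-language file extension. The `.sast-analyzer` base job and the `$SAST_DISABLED` variable are assumed to exist as in the current template layout.

```yaml
# Added example: refine each analyzer's rules so the job is only created when
# the framework-specific marker file is present in the repository.
# Assumes a `.sast-analyzer` base job and the `$SAST_DISABLED` variable
# (taken from the existing template layout, not defined here).

brakeman-sast:
  extends: .sast-analyzer
  rules:
    - if: $SAST_DISABLED
      when: never
    # Before: any Ruby project matched via '**/*.rb'. After: require a Rails app.
    - if: $CI_COMMIT_BRANCH
      exists:
        - 'config/routes.rb'

nodejs-scan-sast:
  extends: .sast-analyzer
  rules:
    - if: $SAST_DISABLED
      when: never
    # A Node.js project is identified by its package manifest.
    - if: $CI_COMMIT_BRANCH
      exists:
        - '**/package.json'

sobelow-sast:
  extends: .sast-analyzer
  rules:
    - if: $SAST_DISABLED
      when: never
    # Sobelow targets Elixir projects built with Mix, identified by mix.exs.
    - if: $CI_COMMIT_BRANCH
      exists:
        - '**/mix.exs'
```

`exists:` patterns are evaluated relative to the repository root, so a Rails app kept in a subdirectory needs `'**/config/routes.rb'` rather than the root-only pattern shown for brakeman.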
Permissions and Security
Documentation
Availability & Testing
What does success look like, and how can we measure that?
What is the type of buyer?
Is this a cross-stage feature?
No
Links / references
Edited by Lucas Charles