14.2 Analyzer Updates - public issue

THIS ISSUE DUPLICATES A PRIVATE INTERNAL RELEASE ISSUE PURELY FOR PUBLIC VISIBLITY https://gitlab.com/gitlab-org/security-products/release/-/issues/113

Prepare

SAST

• Check the analyzers list and make sure it includes the analyzers/languages recently added.

---

Dependency Scanning

• Check the analyzers list and make sure it includes the analyzers/languages recently added.

Check upstream updates

Static Analysis Analyzers

Please scrutinize the following dependencies according to our the guidance listed in the handbook.

• brakeman

• phpcs-security-audit

• security-code-scan

• [-] bandit | Up to date

• eslint | gitlab-org/security-products/analyzers/eslint!87 (merged)

• eslint package.json and other dependencies | gitlab-org/security-products/analyzers/eslint!87 (merged)

• [-] mobSF | Up to date

• [-] flawfinder | Up to date

• gosec | gitlab-org/security-products/analyzers/gosec!119 (merged)

• [-] sobelow | Up to date

• semgrep | gitlab-org/security-products/analyzers/semgrep!72 (merged)

• kubesec

• nodejs-scan

• secrets

• pmd-apex

• spotbugs

---

Container Scanning Analyzers

For each upstream scanner having an available update, please open a dedicated issue with ./script/update_scanner_issue.rb template.

• trivy

---

For each upstream scanner having an available update, please open a dedicated issue with ./script/update_scanner_issue.rb template.

License Compliance

• License Finder

Dependency Scanning Analyzers

• bundler-audit
• retire.js