14.2 Analyzer Updates - public issue
THIS ISSUE DUPLICATES A PRIVATE INTERNAL RELEASE ISSUE PURELY FOR PUBLIC VISIBLITY https://gitlab.com/gitlab-org/security-products/release/-/issues/113
Prepare
SAST
- Check the analyzers list and make sure it includes the analyzers/languages recently added.
Dependency Scanning
- Check the analyzers list and make sure it includes the analyzers/languages recently added.
Check upstream updates
Static Analysis Analyzers
Please scrutinize the following dependencies according to our the guidance listed in the handbook.
- [-]
bandit | Up to date
-
eslint | gitlab-org/security-products/analyzers/eslint!87 (merged)
-
eslint package.json and other dependencies | gitlab-org/security-products/analyzers/eslint!87 (merged)
- [-]
mobSF | Up to date
- [-]
flawfinder | Up to date
-
gosec | gitlab-org/security-products/analyzers/gosec!119 (merged)
- [-]
sobelow | Up to date
-
semgrep | gitlab-org/security-products/analyzers/semgrep!72 (merged)
Container Scanning Analyzers
For each upstream scanner having an available update, please open a dedicated issue with ./script/update_scanner_issue.rb template.
For each upstream scanner having an available update, please open a dedicated issue with ./script/update_scanner_issue.rb template.