SAST Support for Kotlin (General, not Android)
Problem to solve
Request from a customer to add a SAST vulnerability scanner for Kotlin.
Intended users
Members of the Security Team and Developers would get first-hand information about vulnerable code created using Kotlin.
Further details
This would continue to allow for the "Shift Left" mentality that we are instilling in teams coding in other languages.
Proposal
Perhaps by using an existing analyzer, but it appears that SpotBugs does not yet have support for Kotlin.
https://github.com/spotbugs/spotbugs/issues/573
Permissions and Security
The permissions would be the same as those for existing SAST scans.
What does success look like, and how can we measure that?
Users developing in Kotlin would have vulnerability scan results presented in the same way that existing scan tools present them, e.g. directly in the Merge Request screen.
What is the type of buyer?
Users looking to take advantage of our SAST capabilities.
Links / references
Edited by Taylor McCaslin