
Provide more granular access to configuration of tools beneath Secure analyzers

Problem

Some of our SAST security analyzers wrap tools that are configured through files, yet they don't let users supply their own config files. Instead, users are forced to rely on the set of security rules we chose to enable for these scanners.

Examples:

  • ESLint
  • TSLint

Possible solutions

Opinions from Weekly Secure group discussion, internal:

  1. We should give users the ability to supply their own config files for the wrapped scanning tools, either with or without the ability to disable/override the default set of security rules.
  2. The goals are, generally speaking:
     1. Make it work out of the box for typical projects.
     2. Make it flexible enough (via CI variables) to cover most projects (let's say 80%).
     3. Make it possible to go fully manual (via a custom image or job definition).
     It may then be difficult to decide what a "typical project" is and what "most projects" look like. In some cases we're not familiar enough with the technology to have opinions on that, but we can still ask users for feedback in the implementation issue.
  3. In the future, we should allow customization, but only once we have everything solid and working first.