Enhance SAST to scan Jupyter notebook files

Release notes

Add ability to scan notebook files used in MLOps that contain Python code

Problem to solve

Currently, if you have Python code in a notebook file in your project and have added SAST, the SAST scanner never runs, as it is looking for .py files and not .ipynb files that contain Python code. As MLOps efforts grow and more development teams utilize them, it would be useful to have Python code within notebook files scanned as if it were raw Python code.

Proposal

Either add in notebook files (.ipynb) to semgrep-sast or create a new scanning method that looks into notebook files for source code that could have vulnerabilities.

Intended users

Do we have Data science or MLOps personas yet?

Feature Usage Metrics

Same as existing SAST

Does this feature require an audit event?