Improve SAST for PHP by adding Exakat
Description
Add Exakat to GitLab SAST.
Proposal
Evaluate Exakat and compare it with phpcs-security-audit when performing Static Application Security Testing (SAST) on PHP projects: coverage of security rules, false-positive rate, and quality of the reported findings.
Replace phpcs-security-audit with Exakat if it significantly outperforms it, or run both if their findings turn out to be complementary.
New Analyzer library evaluation checklist
Underlying tool
- Has permissive software license: GNU Affero General Public License (note: the AGPL is a strong copyleft license, not a permissive one, so this item does not pass as written and needs a decision before integration)
- Headless execution (CLI tool): `php exakat.phar`
- Unix support: Instructions
- Language identification method (file extension, package file, etc.): in the project configuration, you can specify the file extensions to process
Minimum vulnerability data
- rule name
- rule description
- file path
- line number
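As an added example (not code from Exakat, phpcs-security-audit, or GitLab), the following Python script checks candidate analyzer findings for the four minimum fields listed above and maps the complete ones onto a GitLab-style SAST report, rejecting any finding that could not be placed in a file view. The input record shape and the sample findings are constructed for illustration and are not Exakat's actual output format; the exact set of report fields (`version`, `vulnerabilities`, `location`, `identifiers`) is an assumption to be checked against the current GitLab SAST report schema.

```python
"""Validate analyzer findings against GitLab SAST's minimum vulnerability
data (rule name, rule description, file path, line number) and render
the complete ones as a GitLab-style SAST report.

Added example for this issue; not code from Exakat, phpcs-security-audit
or GitLab. Input record shape and sample data are constructed.
"""
import json

# Constructed sample findings, in a hypothetical analyzer output shape
# (NOT Exakat's real format). The last record deliberately omits the
# line number so the minimum-data check has something to reject.
SAMPLE_FINDINGS = [
    {"rule": "php-sql-concatenation",
     "description": "SQL query assembled by string concatenation",
     "file": "src/Db.php", "line": 17},
    {"rule": "php-eval-usage",
     "description": "eval() called on data derived from the request",
     "file": "src/Template.php", "line": 42, "end_line": 44},
    {"rule": "php-hardcoded-secret",
     "description": "Credential literal found in source",
     "file": "src/Auth.php"},
]

# The four fields the evaluation checklist requires of any analyzer.
REQUIRED_FIELDS = ("rule", "description", "file", "line")


def missing_fields(finding):
    """Return the names of the minimum fields a finding lacks or leaves empty."""
    return [f for f in REQUIRED_FIELDS if finding.get(f) in (None, "")]


def to_gitlab_report(findings, scanner_id="exakat", scanner_name="Exakat"):
    """Map complete findings onto a GitLab-style SAST report.

    Returns (report, rejected). Findings without all minimum fields are
    rejected rather than emitted with placeholders: a vulnerability with
    no file path or line cannot be shown in the merge request widget or
    linked to code. The report field names follow the GitLab SAST report
    JSON as the author understands it (assumption; verify against the
    current schema).
    """
    vulnerabilities = []
    rejected = []
    for finding in findings:
        missing = missing_fields(finding)
        if missing:
            rejected.append((finding.get("rule", "<unnamed>"), missing))
            continue
        start_line = int(finding["line"])
        vulnerabilities.append({
            "category": "sast",
            "name": finding["rule"],
            "message": finding["description"],
            "description": finding["description"],
            # Severity is optional in the checklist; keep it if the tool
            # provides one, otherwise report it as unknown.
            "severity": finding.get("severity", "Unknown"),
            "scanner": {"id": scanner_id, "name": scanner_name},
            "location": {
                "file": finding["file"],
                "start_line": start_line,
                "end_line": int(finding.get("end_line", start_line)),
            },
            # The rule name doubles as the stable identifier so the same
            # finding can be recognised across pipelines.
            "identifiers": [{
                "type": f"{scanner_id}_rule_id",
                "name": finding["rule"],
                "value": finding["rule"],
            }],
        })
    return {"version": "14.0.0", "vulnerabilities": vulnerabilities}, rejected


def main():
    report, rejected = to_gitlab_report(SAMPLE_FINDINGS)
    print(json.dumps(report, indent=2))
    for rule, missing in rejected:
        print(f"rejected {rule}: missing {', '.join(missing)}")


if __name__ == "__main__":
    main()
```

Running the script prints a two-entry report and one rejection line for `php-hardcoded-secret` (missing `line`). The same check can be pointed at real output from each candidate analyzer to see how many of its findings actually satisfy the checklist before comparing rule coverage.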
Links / references
https://gitlab.com/gitlab-org/gitlab-ee/issues/5378#note_73625843
Edited by Kenny Johnston