SAST for TypeScript
Problem to solve
Currently, SAST scanning filters for javascript files .js
Proposal
Consider adding typescript files, *.ts
and *.tsx
Tasks
-
Evaluate the tool (https://gitlab.com/gitlab-org/gitlab-ee/issues/7158#note_142924174) -
Implement the new analyzer (gitlab-org/security-products/analyzers/tslint!1 (merged)) -
Update test projects to use the new analyzer (gitlab-org/security-products/tests/typescript-yarn!1 (merged)) -
Update QA (https://gitlab.com/gitlab-org/security-products/release/merge_requests/33) -
Update Docs -
https://docs.gitlab.com/ee/user/project/merge_requests/sast.html (https://gitlab.com/gitlab-org/gitlab-ee/merge_requests/9699) -
https://gitlab.com/gitlab-org/security-products/sast/blob/master/docs/analyzers.md (gitlab-org/security-products/sast!119 (merged)) -
https://docs.google.com/presentation/d/1z4v6v_lP7BHCP2jfRJ9bK_XoUgQ9XW01X2ZhQcon8bY/edit#slide=id.g2823c3f9ca_0_9
-
Links / references
Edited by Lucas Charles