Security Heat Map reports
Problem to solve
Following our coffee chat discussion with @jeremymatos, we'd like to explore ideas around a security heat map over source code. Our scanner currently reports vulnerabilities (actually more "findings" than vulnerabilities) based on regexps or rules, whereas AppSec engineers tend to focus their attention on functions or portions of code where they "smell" something odd. That judgement is based mostly on the complexity and the nature of the code being audited. Being able to highlight these focus zones automatically would be beneficial for AppSec teams.
Intended users
Further details
The complexity of a function (for instance cyclomatic complexity) can already be analyzed and reported by several static analyzers. The nature of a function, especially whether it is related to authentication, is harder to determine; a first approximation is to spot key methods or libraries being called from it (hashing, token or session handling, credential checks). Name-based heuristics of this kind will produce false positives and miss code that uses unusual names, so they are a way to prioritize review, not a finding in themselves.
Proposal
In a merge request, this heat map could help to spot areas of interest and let the reviewer know at a glance the effort required to review the change: the more zones highlighted, the longer the review will take. We could also derive a score for the MR from the number and weight of the heat zones it touches.
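To make the two heuristics above concrete, here is an added example (not code from the original issue or from any GitLab scanner) that walks a Python file, computes a cyclomatic-style complexity per function, looks for authentication-flavoured identifiers among the names the function touches, and combines the two into a heat score plus an MR-level review score. The keyword list, the weights, the threshold and the sample source are all assumptions chosen for illustration.

```python
"""Toy security heat map over Python source (added example, assumptions throughout)."""
import ast
from dataclasses import dataclass

# Assumed vocabulary: substrings that suggest authentication or secret handling.
AUTH_KEYWORDS = ("auth", "login", "password", "token", "session", "jwt",
                 "hash", "secret", "crypt")

# Assumed weights: one point per decision point, three per auth-related identifier.
COMPLEXITY_WEIGHT = 1
AUTH_HIT_WEIGHT = 3
HEAT_THRESHOLD = 6  # assumed: a function at or above this score is a heat zone


@dataclass
class HeatZone:
    name: str
    lineno: int
    end_lineno: int
    complexity: int
    auth_hits: list   # identifiers that matched AUTH_KEYWORDS, sorted
    score: int


def _cyclomatic(func: ast.AST) -> int:
    """McCabe-style count: 1 plus one per branch/loop/handler, plus extra boolean operands."""
    count = 1
    for child in ast.walk(func):
        if isinstance(child, (ast.If, ast.For, ast.While, ast.ExceptHandler,
                              ast.With, ast.IfExp, ast.comprehension)):
            count += 1
        elif isinstance(child, ast.BoolOp):
            count += len(child.values) - 1
    return count


def _identifiers(func: ast.AST):
    """Yield every plain name and attribute name referenced inside a function body."""
    for child in ast.walk(func):
        if isinstance(child, ast.Name):
            yield child.id
        elif isinstance(child, ast.Attribute):
            yield child.attr


def analyze(source: str) -> list:
    """Score every function (including nested and method definitions) in the source."""
    zones = []
    for node in ast.walk(ast.parse(source)):
        if isinstance(node, (ast.FunctionDef, ast.AsyncFunctionDef)):
            complexity = _cyclomatic(node)
            candidates = [node.name, *_identifiers(node)]
            hits = sorted({ident for ident in candidates
                           if any(k in ident.lower() for k in AUTH_KEYWORDS)})
            score = COMPLEXITY_WEIGHT * complexity + AUTH_HIT_WEIGHT * len(hits)
            zones.append(HeatZone(node.name, node.lineno, node.end_lineno,
                                  complexity, hits, score))
    return zones


def heat_zones(source: str) -> list:
    """Only the functions that cross the (assumed) threshold."""
    return [z for z in analyze(source) if z.score >= HEAT_THRESHOLD]


def review_score(source: str) -> tuple:
    """MR-level summary: (number of heat zones, sum of their scores)."""
    zones = heat_zones(source)
    return len(zones), sum(z.score for z in zones)


def render_report(source: str) -> str:
    """One line per heat zone, suitable for an MR comment."""
    return "\n".join(
        f"L{z.lineno}-{z.end_lineno} {z.name}: score={z.score} "
        f"complexity={z.complexity} auth={','.join(z.auth_hits) or '-'}"
        for z in heat_zones(source))


# Constructed sample input for the demonstration (not real project code).
SAMPLE = '''
import hashlib

def add(a, b):
    return a + b

def login(user, password, store):
    if user not in store:
        return None
    digest = hashlib.sha256(password.encode()).hexdigest()
    if digest != store[user]:
        return None
    return make_session_token(user)

def render(items):
    out = []
    for item in items:
        if item.visible:
            out.append(item.name)
    return out
'''

if __name__ == "__main__":
    print(render_report(SAMPLE))
    print("review score (zones, total):", review_score(SAMPLE))
```

On the constructed sample only `login` crosses the threshold: it has three decision points and touches `hashlib`, `password` and `make_session_token`, while `render` has the same complexity but no authentication signal and stays cold. The identifier match is deliberately crude (substring on names), which is exactly why the threshold and weights should be tuned against a real code base before the score is shown to reviewers.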
Permissions and Security
TODO.
Documentation
TODO.
Testing
TODO.
What does success look like, and how can we measure that?
Highlighted heat zones lead to reviewer comments, follow-up issues or code fixes in the MR; tracking the share of zones that get one of these outcomes (versus zones that are ignored) tells us whether the highlighting is useful or noisy.