# SAST IDE integration

This project brings together the components of GitLab's "SAST in the IDE" solution for the purposes of development, benchmarking, and deployment.

## Components

- scanner service - a Cloud Connector backend service deployed with Runway, see `.runway/`.
- `sast-rules` - the ruleset deployed with the scanner service (not currently enforced).
- IDE components: LSP language server and GitLab Workflow extension for VS Code.
- benchmarking suite for evaluating service performance.
## Setup

Note: The development scripts are currently written for `zsh`.

Run

```sh
./scripts/setup.sh
```
The setup script:

- uses `asdf` or `mise` to install `go`, `python`, and `ruby`. If a plugin is missing, a prompt will ask to install it.
- checks out submodules.
- creates a Python virtual environment and installs `semgrep` with `pip`.
- runs `asdf install` (or `mise install`) and `npm ci` in the `gitlab-lsp` and `gitlab-vscode-extension` submodules.
- uses `go` to install the `Git` hook manager `lefthook`, and sets it up.
This covers the prerequisites of each component:

- The `sast-scanner-service` is written in `go`, but relies on `semgrep`, which is distributed via `python`.
- The `sast-rules` project distribution of `semgrep` rules is built with a `ruby` script.
- Both `gitlab-lsp` and `gitlab-vscode-extension` projects manage their requirements in `.tool-versions` files.
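Before running `setup.sh` it is useful to know which of the toolchains it will try to install are already on the machine, and which version each submodule pins. The following POSIX shell preflight script is an added example, not one of the project's own scripts: it parses a `.tool-versions` file in the `<tool> <version>` format that `asdf` and `mise` read, and reports the pinned tools whose executables are missing from `PATH`. The file content embedded below is constructed for the example; the real pins live in the `gitlab-lsp` and `gitlab-vscode-extension` submodules, and the tool-to-command mapping (`golang` to `go`, `nodejs` to `node`, `python` to `python3`) is an assumption about how those tools are named on `PATH`.

```shell
#!/usr/bin/env sh
# Preflight check for the toolchains setup.sh installs (added example, not a
# project script). Reads asdf/mise ".tool-versions" pins and reports which of
# the pinned tools are not yet on PATH.

# Constructed sample in asdf format: "<tool> <version>", one per line,
# comments start with "#". Stands in for a submodule's real .tool-versions.
SAMPLE_TOOL_VERSIONS='# constructed sample, not a real project file
golang 1.22.3
python 3.12.2
ruby 3.3.0
nodejs 20.11.1'

# pinned_version <tool> <file-content>: print the version pinned for <tool>.
# Comment lines are skipped. Prints nothing and returns 1 if <tool> is absent.
pinned_version() {
    _v=$(printf '%s\n' "$2" | awk -v t="$1" '$1 !~ /^#/ && $1 == t { print $2; exit }')
    [ -n "$_v" ] || return 1
    printf '%s\n' "$_v"
}

# have_cmd <command>: return 0 if <command> is on PATH, 1 otherwise.
have_cmd() {
    command -v "$1" >/dev/null 2>&1
}

# missing_tools <file-content>: for every tool pinned in the file, map the
# asdf plugin name to the executable we expect (assumed mapping) and print
# the tools whose executable is not installed, one per line.
# Returns the number of missing tools, so 0 means all pins are satisfied.
missing_tools() {
    _missing=0
    for _tool in $(printf '%s\n' "$1" | awk '$1 !~ /^#/ && NF >= 2 { print $1 }'); do
        case "$_tool" in
            golang) _cmd=go ;;
            nodejs) _cmd=node ;;
            python) _cmd=python3 ;;
            *)      _cmd=$_tool ;;
        esac
        if ! have_cmd "$_cmd"; then
            printf '%s (pinned %s, expected command: %s)\n' \
                "$_tool" "$(pinned_version "$_tool" "$1")" "$_cmd"
            _missing=$((_missing + 1))
        fi
    done
    return "$_missing"
}

# Stand-alone run: check a real .tool-versions file if its path is given as
# the first argument, otherwise check the constructed sample above.
if [ -n "${1:-}" ] && [ -f "$1" ]; then
    content=$(cat "$1")
else
    content=$SAMPLE_TOOL_VERSIONS
fi
n=0
missing_tools "$content" || n=$?
echo "missing tools: $n"
```

Run it as `sh preflight.sh gitlab-lsp/.tool-versions` (assumed filename) from the repository root; a non-zero "missing tools" count lists exactly which toolchains `setup.sh` will have to fetch through `asdf` or `mise`. Pinning and checking versions this way, rather than taking whatever `go`, `python` or `node` happens to be first on `PATH`, is what keeps the scanner, rules and IDE builds reproducible across developer machines and the benchmarking suite.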