Add SAST analyzer for Typescript (!1) · Merge requests · GitLab.org / security-products / analyzers / tslint

Lucas Charles requested to merge add-tslint-analyzer into master Feb 14, 2019

What does this MR do?

Adds the initial version of the tslint analyzer for running SAST scans on typescript projects. This uses the TSLint security plugin to test typescript code against 16 different security rules.

Huge thanks to @groulot for inspiration on analyzers/eslint, I was able to adapt the vast majority of his code to make this one straightforward.

What are the relevant issue numbers?

https://gitlab.com/gitlab-org/gitlab-ee/issues/7158

Does this MR meet the acceptance criteria?

Changelog entry added
Documentation created/updated for GitLab EE, if necessary
Documentation created/updated for this project, if necessary
Documentation reviewed by technical writer or follow-up review issue created
Tests added for this feature/bug
~~[ ] Job definition updated, if necessary~~
- ~~[ ] Auto-DevOps template~~
- ~~[ ] Job definition example~~
- ~~[ ] CI Templates~~
Conforms to the code review guidelines
Conforms to the Go guidelines
Security reports checked/validated by reviewer

Edited Feb 19, 2019 by Lucas Charles

Add SAST analyzer for Typescript

What does this MR do?

What are the relevant issue numbers?

Does this MR meet the acceptance criteria?

Merge request reports