Labels

Issues and epics related to the Secure & Defend Section FY21 initiative to be recognized as a AST leader by accelerating maturity of SAST, DAST, Dependency Scanning, Fuzz Testing, and Vulnerability Management.

https://about.gitlab.com/direction/geo/disaster_recovery/

Epics and issues related to Static Application Security Testing product category

Issues related to the IaC Scanning feature area; see https://docs.gitlab.com/ee/user/application_security/iac_scanning/. (Note that IaC Scanning is part of ~Category:SAST.)

Issues related to Lightz Analyzer - SAST engine

Issues related to the Lightz's Analyzer, artifacts processing, storing and displaying - SAST

This issue relates to the source-available SAST-rules project, not to the ruleset used in Advanced SAST. For details on rulesets, see https://docs.gitlab.com/ee/user/application_security/sast/rules.html#source-of-rules.

Marks an item as related and relevant to the GitLab SAST Rules project and associated components.

Denotes the inclusion, modification and combination of an externally sourced SAST rule with an internally developed one.

Denotes the creation from scratch, or mostly from scratch, of a SAST rule.

Denotes an improvement in a SAST rule.

Denotes that an externally sourced SAST rule should be included as-is or with minimal changes.

Denotes a given SAST rule as a potentially suitable candidate for re-licensing.

Denotes that the creation or inclusion of a suggested SAST rule should be skipped.

https://gitlab.com/groups/gitlab-com/-/epics/1899

[Use priority::1 instead.] Denotes denotes a high priority rule, likely coming from a customer escalation or reported to us as desirable by potential customers.

[Use priority::2 instead.] Denotes denotes a moderate priority rule, one we should research and implement in the near term.

[Use priority::3 instead.] Denotes denotes a medium priority rule, one we should look to implement in the mid term.