Static Application Security Testing (SAST) analyzes source code or binaries to detect security vulnerabilities and weaknesses. When automated, it moves your DevOps methodology toward DevSecOps, where security testing and awareness are part of the DevOps life cycle.
GitLab, in its Ultimate license tier, provides this automated testing as part of your application's development pipeline.
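As an added illustration (not part of the original article), this is a minimal `.gitlab-ci.yml` that enables GitLab's bundled SAST scanning by including the SAST template GitLab ships. The template path `Security/SAST.gitlab-ci.yml` and the `SAST_EXCLUDED_PATHS` variable are GitLab's documented names; the `build` job and its script are a placeholder standing in for your own pipeline.

```yaml
# Added example: a minimal pipeline that turns on GitLab SAST.
# The included template contributes the SAST job(s) to the `test` stage and
# selects analyzers based on the languages it detects in the repository.
include:
  - template: Security/SAST.gitlab-ci.yml

stages:
  - build
  - test

# Placeholder build job; replace with your real build steps.
build:
  stage: build
  script:
    - echo "build the application here"

# Optional: keep vendored, generated and test-only code out of the scan so the
# findings are about your own sources. Paths below are an assumed project layout.
variables:
  SAST_EXCLUDED_PATHS: "vendor, node_modules, spec, test"
```

Once the pipeline runs, findings appear in the pipeline's Security tab and in merge requests, which is where the "security as part of the life cycle" promise becomes concrete: a reviewer sees a newly introduced weakness before the change is merged rather than after release.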
Currently, the following languages and frameworks are supported:
| Language/Framework | Scan tool |
|---|---|
| .NET | Security Code Scan |
| C/C++ | Flawfinder |
| Go | gosec |
| Groovy (Gradle and Grail) | find-sec-bugs |
| Java (Maven and Gradle) | find-sec-bugs |
| JavaScript | ESLint security plugin |
| Node.js | NodeJsScan |
| PHP | phpcs-security-audit |
| Python | bandit |
| Ruby on Rails | brakeman |
| Scala (sbt) | find-sec-bugs |
| TypeScript | TSLint Config Security |
First...