Projects with this topic
SAST Analyzer based on Semgrep
SAST Analyzer for detecting leaked secrets
GitLab's semgrep container image augmented with hundreds of additional Node.js/JavaScript/TypeScript and Go rules from Semgrep's rule repository.
A post-processor for computing the scope+offset fingerprint.
Rule Repository for GitLab SAST
A project containing "vulnerable" code for testing GitLab SAST functionality.
This project sets up Static Application Security Testing (SAST) in a GitLab CI/CD pipeline using two tools:
NJSScan → A security scanner specialized for JavaScript applications. It analyzes source code and flags insecure coding patterns and vulnerabilities.
Semgrep → A lightweight, multi-language static analysis tool that uses rulesets (such as p/javascript) to detect vulnerabilities, insecure practices, and style issues across different programming languages.
Veracode upload and scan component. This component will run a Veracode static scan as a Sandbox scan or as a policy scan.
Veracode Pipeline Scan Component: This Veracode Pipeline Scan component runs the Veracode pipeline-scan as an action on any GitHub pipeline.
The only prerequisite is to have the application compiled/packaged according to the Veracode Packaging Instructions.
About: The pipeline-scan component is designed to be used in a CI/CD pipeline to submit a binary or source code zip to Veracode for security scanning.
For more information on Pipeline Scan, visit the Veracode Docs.
AI DevSecOps Serverless Scanners.
An example project staged to demonstrate the usage of Veracode's SAST scanning tools within a CI/CD pipeline.