-
Would be great if one could have a flag/option to output Markdown or Plain Text example:
`sast-parser --html gl-sast-report.json` (default)
`sast-parser --markdown gl-sast-report.json`
`sast-…
-
Support an output format for SARIF to leverage the Security tab on repos and let GitHub ingest the data. https://docs.github.com/en/code-security/code-scanning/integrating-with-code-scanning/sarif-sup…
-
The [slsa-github-generator](https://github.com/slsa-framework/slsa-github-generator) repo currently omits running the CodeQL action on commits that are documentation or yaml only as the CodeQL action …
-
**What would you like to be added**:
Please, ensure that a linter is enabled, a new release is created, and deployed.
> Python code shall be scanned with [Bandit](https://github.com/PyCQA/bandit?tab=…
-
**Describe the bug**
SAST tools are not detected in the [CII Best Practices badge code](https://github.com/coreinfrastructure/best-practices-badge)
**Reproduction steps**
Steps to reproduce the b…
-
Current implementation may suffer while connecting with SAST instances configured with self-signed certificates. In order to be prepared for this, the application should be able to:
* allow end user to …
-
### Behaviour
#### Steps to reproduce this issue
1. download and unpack https://github.com/portapps/discord-portable/releases/download/1.0.9004-11/discord-portable-win32-1.0.9004-11.7z
2. run `…
-
**Describe the bug**
Semgrep fails with exit code 2 on GitLab Merge Request if '--no-suppress-errors' is set and there are no files to scan.
**To Reproduce**
Create a merge request in GitLab.
Ma…
-
**Describe the bug**
When EDE is enabled, EDE responses are not sent for DNSSEC failures.
**To reproduce**
Steps to reproduce the behavior:
1. Enable ede by adding "ede: yes".
2. dig @::1 d…
-
I'm encountering an issue where Trivy scans the entire repository instead of just the changed files or the latest commits.
I initially attempted the fetch-depth: 1 method in the checkout action, b…