-
The "Code security and analysis" personal org settings page lists several options for Dependabot SCA third-party security scans, but lists no option for CodeQL SAST first-party security scans.
This…
-
https://docs.gitlab.com/ee/user/application_security/sast/
-
SAST and CI-Test use the `PR.App.Slug` field to determine if a SAST/CI tool is used. When running scorecard's GitHub action, we detect our own action as a SAST/CI tool.
We should exclude it. The UR…
-
There currently doesn't seem to be a way to specify build failure criteria for FoD SAST and open source scans. (For instance, fail the build if any critical SAST or OSS issues are detected.) Are there…
-
See details [here](https://examplesasttool.com/app/issue/38572946895)
-
We've recently started using audit-ci in our pipelines. The tool semgrep that we use can output a GitLab SAST-compatible report format that GitLab can understand and integrate into its UI…
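The two issues above ask for build-failure criteria on scan results and mention scanners that emit the GitLab SAST report format. The script below is an added example, not code from GitLab, semgrep, audit-ci or Fortify: it reads a report in that format, normalises the findings and exits non-zero when any finding is at or above a severity threshold. It assumes the GitLab SAST schema's field names ("vulnerabilities", "severity", "name", "scanner", "location"); the sample report embedded in it is constructed, not the output of a real scan, and the choice to rank a missing or unrecognised severity as most severe is a policy assumption of this example.

```python
"""Gate a CI job on the findings in a GitLab SAST-format report.

Added example (not code from GitLab, semgrep, audit-ci or Fortify). It assumes
the report follows the GitLab SAST report schema: a top-level "vulnerabilities"
list whose entries carry "severity" (Critical, High, Medium, Low, Info, Unknown),
"name", "location" {"file", "start_line"} and "scanner" {"id"}. The field names
in the sample below are schema fields; the findings themselves are constructed.
"""
import json
import sys

# Severity ranking used for the threshold comparison. "Unknown" is ranked
# highest (an assumption of this example) so an unrated or malformed finding
# can never slip past the gate silently.
SEVERITY_RANK = {"Info": 0, "Low": 1, "Medium": 2, "High": 3, "Critical": 4, "Unknown": 5}

# Constructed sample report in GitLab SAST format (not output of a real scan).
SAMPLE_REPORT = json.dumps({
    "version": "15.0.4",
    "vulnerabilities": [
        {"id": "a1", "category": "sast", "name": "SQL injection",
         "severity": "Critical", "scanner": {"id": "semgrep", "name": "Semgrep"},
         "location": {"file": "app/db.py", "start_line": 42}},
        {"id": "a2", "category": "sast", "name": "Use of weak hash",
         "severity": "Medium", "scanner": {"id": "semgrep", "name": "Semgrep"},
         "location": {"file": "app/auth.py", "start_line": 17}},
        # Deliberately missing "severity" to exercise the Unknown path.
        {"id": "a3", "category": "sast", "name": "Hardcoded secret",
         "scanner": {"id": "semgrep", "name": "Semgrep"},
         "location": {"file": "app/config.py", "start_line": 3}},
    ],
})


def load_findings(report_text):
    """Parse a GitLab SAST report and normalise each finding to a flat dict.

    A missing or unrecognised severity becomes "Unknown" rather than raising,
    so a malformed entry is surfaced by the gate instead of being skipped.
    """
    report = json.loads(report_text)
    findings = []
    for v in report.get("vulnerabilities", []):
        sev = v.get("severity", "Unknown")
        if sev not in SEVERITY_RANK:
            sev = "Unknown"
        loc = v.get("location", {})
        findings.append({
            "name": v.get("name", "<unnamed>"),
            "severity": sev,
            "scanner": v.get("scanner", {}).get("id", "?"),
            "file": loc.get("file", "?"),
            "line": loc.get("start_line"),
        })
    return findings


def violations(findings, fail_at="High"):
    """Return the findings whose severity is at or above the threshold."""
    threshold = SEVERITY_RANK[fail_at]
    return [f for f in findings if SEVERITY_RANK[f["severity"]] >= threshold]


def gate(report_text, fail_at="High"):
    """Return (exit_code, violating findings); exit_code is 1 if the build should fail."""
    bad = violations(load_findings(report_text), fail_at)
    return (1 if bad else 0), bad


def main(argv):
    # Usage: gate.py [report.json] [Info|Low|Medium|High|Critical]
    # With no arguments the embedded constructed sample is gated at "High".
    path = argv[1] if len(argv) > 1 else None
    fail_at = argv[2] if len(argv) > 2 else "High"
    text = open(path).read() if path else SAMPLE_REPORT
    code, bad = gate(text, fail_at)
    for f in bad:
        print(f"{f['severity']:<8} {f['scanner']:<10} {f['file']}:{f['line']}  {f['name']}")
    print(f"{len(bad)} finding(s) at or above {fail_at}; exit {code}")
    return code


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Run it as a job step after the scanner step, pointing it at the scanner's report artifact; the non-zero exit is what makes the pipeline fail. Threshold selection is deliberately a CLI argument so the same script can gate a merge request at "High" and a nightly scan at "Medium" without a code change.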
-
### Describe the User Story
As a security-minded engineer,
so that the code is more secure,
I want to have SAST in a CI workflow
### Acceptance Criteria
There is a SAST scanner in the CI workfl…
-
We have many customers that pass custom `targs/sargs` when starting ScanCentral scans remotely, including:
- filter files (`-filter`)
- custom rules (`-rules`)
- scan precision (`-scan-precisi…
-
Context: https://github.com/google/brotli/security/code-scanning/4
A quick view of the actions panel reveals that the report is not true: https://github.com/google/brotli/actions/workflows/codeql.yml?query=bra…
-
**Is your feature request related to a problem? Please describe.**
The project is penalized on SAST check, but the project's language is not supported by any of the SAST tools that Scorecard consider…