-
SAST and CI-Test use the `PR.App.Slug` field to determine if a SAST/CI tool is used. When running scorecard's GitHub action, we detect our own action as a SAST/CI tool.
We should exclude it. The UR…
-
## Environment
| Component | Version |
| ------------------ | ------- |
| Maven | 3.8.8 |
| Java | 21 |
| SpotBugs | 4.8.5.0 |
| FindSe…
-
Create a ToDo Application using the STUDENT App Catalog group in C#
-
https://github.com/trailofbits/gh-action-pip-audit/releases/tag/v1.0.0
worth considering as a SAST tool.
Wdyt?
-
Extract the 10 testability patterns for PHP that are more impactful for SAST tools.
- we can start with the results from the NDSS paper
- if possible re-measure SAST tools against the reviewed PHP pa…
-
**Description of the false positive**
When `IO.read` is guarded by a check like `File.exists?`, isn't that a valid guard against injecting the `|` character into `Kernel.open`? I don't imagine that…
-
Provide a pattern based on the API for the community to build plugins and integrate with the IT ecosystem:
- pull evidence
- others?
Then we review the submissions before they become part of the…
-
Would be great if one could have a flag/option to output Markdown or plain text, for example:
`sast-parser --html gl-sast-report.json` (default)
`sast-parser --markdown gl-sast-report.json`
`sast-…