search

DataDog / datadog-static-analyzer

Datadog Static Analyzer
https://docs.datadoghq.com/static_analysis/
Apache License 2.0
100 stars 13 forks source link

[STAL-2964] Validate and export validation status in SARIF #527

Closed juli1 closed 1 month ago

juli1 commented 1 month ago

What problems are you trying to solve?

  1. Validate the secrets
  2. Show the validation status in SARIF

What is your solution?

  1. Run the validation when we find matches
  2. Export the validation status in SARIF using a property
  3. Adapt the severity of the rule based on the validation status

What the reviewer should know

In order to export the validation status in SARIF, we introduce a struct called SarifViolation. The goal is to avoid introducing any secret-specific data in the static-analysis-kernel crate and keep it agnostic of the secret aspects.