MrWong99 / gitscanner

Gitscanner is used to perform a variety of security checks against Git repositories and is expandable. Feel free to add your own checks.
MIT License

[FEATURE] Add static code analysis check #35

Open MrWong99 opened 2 years ago

MrWong99 commented 2 years ago

Is your feature request related to a problem? Please describe.

For most software security checks it is just best practice and very standard to run static code analysis tools.

Describe the solution you'd like

I want a tool-driven, standardized and performant solution to perform static code analysis with a focus on security for the most common programming languages or frameworks, starting with, but not limited to:

harshkolhatkar commented 2 years ago

Semgrep is an open source SAST tool which supports the languages you mentioned. There are publicly available rules which can be used, documented here: https://semgrep.dev/r. Custom rules can be written as per use case.
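As an added example, not code from gitscanner or from this thread, assuming gitscanner checks are written in Go and that the semgrep CLI is installed on PATH: a check that runs semgrep with a ruleset from the public registry, decodes its `--json` report, and maps each result to a finding. The `Finding` type, `ParseSemgrep`, `RunSemgrep` and the sample report are all hypothetical names and constructed data, not semgrep's or the project's.

```go
package main

import (
	"encoding/json"
	"fmt"
	"os/exec"
)

// Finding is one semgrep result reduced to what a gitscanner check would report.
type Finding struct {
	RuleID, Path, Severity, Message string
	Line                            int
}

// semgrepReport mirrors the `semgrep --json` fields read here; encoding/json matches keys case-insensitively, so only check_id needs a tag.
type semgrepReport struct {
	Results []struct {
		CheckID string `json:"check_id"`
		Path    string
		Start   struct{ Line int }
		Extra   struct{ Message, Severity string }
	}
}

// ParseSemgrep decodes a semgrep JSON report into findings.
func ParseSemgrep(raw []byte) ([]Finding, error) {
	var rep semgrepReport
	if err := json.Unmarshal(raw, &rep); err != nil {
		return nil, fmt.Errorf("decode semgrep report: %w", err)
	}
	findings := make([]Finding, 0, len(rep.Results))
	for _, r := range rep.Results {
		findings = append(findings, Finding{RuleID: r.CheckID, Path: r.Path, Line: r.Start.Line, Severity: r.Extra.Severity, Message: r.Extra.Message})
	}
	return findings, nil
}

// RunSemgrep scans repoDir with a ruleset such as "p/default" from https://semgrep.dev/r (semgrep must be on PATH).
func RunSemgrep(repoDir, config string) ([]Finding, error) {
	raw, err := exec.Command("semgrep", "--json", "--quiet", "--config", config, repoDir).Output()
	if err != nil {
		return nil, fmt.Errorf("run semgrep: %w", err)
	}
	return ParseSemgrep(raw)
}

// SampleReport is a constructed semgrep report (rule id, path and message are made up) for exercising the parser offline.
const SampleReport = `{"results":[{"check_id":"example.constructed.weak-hash","path":"hash.go","start":{"line":12,"col":9},
"end":{"line":12,"col":20},"extra":{"message":"Use of a weak hash function.","severity":"WARNING"}}],"errors":[]}`
```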

MrWong99 commented 2 years ago

Semgrep is an open source SAST tool which supports the languages you mentioned. There are publicly available rules which can be used, documented here: https://semgrep.dev/r. Custom rules can be written as per use case.

Sounds exactly like the perfect tool for the job and more! 😍

harshkolhatkar commented 2 years ago

/assign