ShiftLeftSecurity / sast-scan

Scan is a free & Open Source DevSecOps tool for performing static analysis based security testing of your applications and its dependencies. CI and Git friendly.
https://discord.gg/DCNxzaeUpd
Apache License 2.0

Taint flow to code flow conversion #323

Open prabhu opened 3 years ago

prabhu commented 3 years ago

For Python and PHP, the tools can perform taint analysis to identify both source and sink. Despite this, only the source is reported for Python and the sink for PHP. It will be nice to report the sink and present both the source and the sink as codeFlows in SARIF.
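As an added illustration of the request above (example code written here, not sast-scan's own converter), the following builds a SARIF 2.1.0 result whose `codeFlows` carry the whole taint path from source to sink. The input shape (`source`, `sink`, `intermediate`, `rule_id`) is a constructed, hypothetical tool-output format chosen for the example; the SARIF property names (`codeFlows`, `threadFlows`, `locations`, `physicalLocation`, `executionOrder`, `importance`, `kinds`) are from the SARIF 2.1.0 specification.

```python
"""Convert a taint finding (source -> hops -> sink) into a SARIF result with codeFlows."""
import json

# Constructed sample finding in a hypothetical tool-output shape (not sast-scan's format).
SAMPLE_FINDING = {
    "rule_id": "example-sql-injection",  # hypothetical rule id
    "message": "User-controlled input reaches a SQL query without sanitisation",
    "source": {"file": "app/views.py", "line": 12, "text": "name = request.args['name']"},
    "intermediate": [
        {"file": "app/views.py", "line": 15, "text": "query = build_query(name)"},
    ],
    "sink": {"file": "app/db.py", "line": 40, "text": "cursor.execute(query)"},
}


def _location(step, label):
    """SARIF location object for one taint step; the message names its role."""
    return {
        "physicalLocation": {
            "artifactLocation": {"uri": step["file"]},
            "region": {"startLine": step["line"], "snippet": {"text": step["text"]}},
        },
        "message": {"text": f"{label}: {step['text']}"},
    }


def taint_to_code_flow(finding):
    """Build one codeFlow with a single threadFlow: source first, sink last.

    executionOrder preserves data-flow direction so SARIF viewers render the
    path source-first; importance marks the endpoints as essential.
    """
    steps = [finding["source"], *finding.get("intermediate", []), finding["sink"]]
    last = len(steps)
    thread_locations = []
    for order, step in enumerate(steps, start=1):
        label = "source" if order == 1 else ("sink" if order == last else "propagation")
        thread_locations.append({
            "location": _location(step, label),
            "kinds": ["taint"],  # "taint" is one of the spec-listed kinds values
            "executionOrder": order,
            "importance": "essential" if order in (1, last) else "important",
        })
    return {"threadFlows": [{"locations": thread_locations}]}


def taint_to_sarif_result(finding):
    """SARIF result: primary location is the sink; codeFlows carry the full path."""
    return {
        "ruleId": finding["rule_id"],
        "level": "error",
        "message": {"text": finding["message"]},
        "locations": [_location(finding["sink"], "sink")],
        "codeFlows": [taint_to_code_flow(finding)],
    }


def build_sarif_log(findings, tool_name="example-taint-tool"):
    """Wrap results in a minimal SARIF 2.1.0 log (tool name is a placeholder)."""
    return {
        "$schema": "https://json.schemastore.org/sarif-2.1.0.json",
        "version": "2.1.0",
        "runs": [{
            "tool": {"driver": {"name": tool_name}},
            "results": [taint_to_sarif_result(f) for f in findings],
        }],
    }


def flow_endpoints(result):
    """Return ((source_uri, line), (sink_uri, line)) from a result's first codeFlow.

    Useful as a check that both endpoints survived conversion, which is the
    gap the issue describes (source only for Python, sink only for PHP).
    """
    locs = result["codeFlows"][0]["threadFlows"][0]["locations"]
    ordered = sorted(locs, key=lambda tl: tl["executionOrder"])

    def endpoint(tl):
        phys = tl["location"]["physicalLocation"]
        return phys["artifactLocation"]["uri"], phys["region"]["startLine"]

    return endpoint(ordered[0]), endpoint(ordered[-1])


if __name__ == "__main__":
    print(json.dumps(build_sarif_log([SAMPLE_FINDING]), indent=2))
```

Running the module prints the SARIF log; `flow_endpoints` is the check a reviewer would apply to the converter's output to confirm that every Python and PHP result now carries both ends of the taint path rather than one or the other.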