ShiftLeftSecurity / sast-scan

Scan is a free & Open Source DevSecOps tool for performing static analysis based security testing of your applications and its dependencies. CI and Git friendly.
https://discord.gg/DCNxzaeUpd
Apache License 2.0

Support for automatic issue creation #332

Open prabhu opened 3 years ago

prabhu commented 3 years ago

It will be nice to create issues on GitHub, GitLab, etc. automatically from the SARIF and depscan files generated by scan. I'm thinking of adding a new command called reporter and an argument called --report to enable this functionality. The functionality will support some features with sane defaults:

  1. Quantity - Single aggregated issue or 1 issue per severity
  2. Filters based on category, tool name, and type
  3. Severity
  4. Git branch (e.g. master only)

Time permitting, I will also include integrations with Jira, Clubhouse and Trello.
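As an added illustration of the filtering and aggregation step the proposed reporter would need (this is not code from sast-scan and not the author's implementation): it flattens a constructed SARIF 2.1.0 document, filters results by tool name and minimum severity, and groups what remains into either one aggregated issue or one issue per severity. The SARIF level-to-severity mapping, the severity labels and the `_result` helper are assumptions made for the example.

```python
import json
from collections import defaultdict

def _result(rule, level, text, uri, line):
    """Build one SARIF result object (helper for the constructed sample below)."""
    return {"ruleId": rule, "level": level, "message": {"text": text},
            "locations": [{"physicalLocation": {"artifactLocation": {"uri": uri},
                                                "region": {"startLine": line}}}]}

# Constructed SARIF 2.1.0 document standing in for a report written by the scanner
SAMPLE_SARIF = json.dumps({"version": "2.1.0", "runs": [
    {"tool": {"driver": {"name": "bandit"}}, "results": [
        _result("B602", "error", "subprocess call with shell=True", "app/run.py", 12),
        _result("B101", "note", "Use of assert detected", "app/util.py", 3)]},
    {"tool": {"driver": {"name": "semgrep"}}, "results": [
        _result("sql-injection", "warning", "Formatted string passed to execute", "app/db.py", 40)]},
]})

# Assumed mapping from SARIF result levels to the labels the reporter would use
LEVEL_TO_SEVERITY = {"error": "high", "warning": "medium", "note": "low", "none": "info"}
SEVERITY_ORDER = ["critical", "high", "medium", "low", "info"]  # most to least severe

def load_findings(sarif_text):
    """Flatten every run/result pair in a SARIF document into plain finding dicts."""
    findings = []
    for run in json.loads(sarif_text).get("runs", []):
        tool = run.get("tool", {}).get("driver", {}).get("name", "unknown")
        for res in run.get("results", []):
            loc = (res.get("locations") or [{}])[0].get("physicalLocation", {})
            findings.append({
                "tool": tool, "rule": res.get("ruleId", ""),
                "severity": LEVEL_TO_SEVERITY.get(res.get("level", "warning"), "medium"),
                "message": res.get("message", {}).get("text", ""),
                "file": loc.get("artifactLocation", {}).get("uri", "?"),
                "line": loc.get("region", {}).get("startLine", 0)})
    return findings

def filter_findings(findings, tools=None, min_severity="info"):
    """Keep findings from the selected tools (all if None) at or above min_severity."""
    cutoff = SEVERITY_ORDER.index(min_severity)
    return [f for f in findings
            if (not tools or f["tool"] in tools) and SEVERITY_ORDER.index(f["severity"]) <= cutoff]

def build_issues(findings, per_severity=False):
    """Return {title: markdown body}: one aggregated issue, or one issue per severity."""
    groups = defaultdict(list)
    for f in findings:
        groups[f["severity"] if per_severity else "all"].append(f)
    return {(f"scan: {len(items)} {key} finding(s)" if per_severity else f"scan: {len(items)} finding(s)"):
            "\n".join(f"- [{f['severity']}] {f['tool']}/{f['rule']} {f['file']}:{f['line']} {f['message']}"
                      for f in items)
            for key, items in groups.items()}
```

The returned title/body pairs are what a tracker client (GitHub, GitLab, etc.) would receive; the branch filter from item 4 would be applied before calling `build_issues`, since it depends on the CI environment rather than the SARIF content.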