Projects with this topic
This project serves as a comprehensive reference implementation for enterprise DevSecOps practices, demonstrating how security, automation, and observability integrate seamlessly in modern cloud applications.
This project sets up Static Application Security Testing (SAST) in a GitLab CI/CD pipeline using two tools:
NJSScan → A security scanner specialized for JavaScript applications. It analyzes source code and flags insecure coding patterns and vulnerabilities.
Semgrep → A lightweight, multi-language static analysis tool that uses rulesets (such as p/javascript) to detect vulnerabilities, insecure practices, and style issues across different programming languages.
AI-powered security scanner that finds vulnerabilities and provides one-click fixes directly in GitLab merge requests. A reusable CI/CD Catalog component built with Google Cloud Vertex AI.
Components for running Puma Scan in GitLab CI/CD pipelines.
Veracode Fix for GitLab
Integrate OpenText Application Security (Fortify) with full access to 'fcli' commands for SAST, DAST, SCA, reporting and REST API capabilities.
Veracode Pipeline Scan Component: This Veracode Pipeline Scan component runs the Veracode pipeline-scan as an action on any GitHub pipeline.
The only prerequisite is to have the application compiled/packaged according to the Veracode Packaging Instructions.
About: The pipeline-scan component is designed to be used in a CI/CD pipeline to submit a binary or source code zip to Veracode for security scanning.
For more information on Pipeline Scan, visit the Veracode Docs.
Veracode SAST Packaging Component: This component will run the Veracode CLI package command to prepare the repository for static code analysis. Generated artifacts will be stored behind the name veracode-artifacts.
Veracode upload and scan component. This component will run a Veracode static scan as Sandbox scan or as policy scan.
AI DevSecOps Serverless Scanners.
Static Application Security Testing (SAST) checks your source code for known vulnerabilities.
GitLab's semgrep container image augmented with hundreds of additional Node.js/JavaScript/TypeScript and Go rules from Semgrep's rule repository.
Security scans as pipeline jobs. SAST, Secret Detection, etc.
This project is for free-tier, self-hosted GitLab users who are running the SAST and Password Detection scripts and looking for a way to add them visibly to the merge request.
Shiftleft CLI auto builder for Docker Hub