SAST
We're using semgrep to do static application security testing (SAST).
Hint
While semgrep is a Python utility, it can be used to test many different scripting and programming languages. It even supports Dockerfiles and Docker Compose files.
SAST Docker image
There's a SAST Docker image which is used by the SAST CI pipeline to run semgrep with the official registry rules as well as our custom SAST rules.
SAST rules
The SAST Docker image also includes the custom SAST rules which we maintain.
Note
Read the Writing rules chapter of the official semgrep documentation before changing or adding to our custom rules.
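As an added illustration (not one of the custom rules shipped in the SAST image), here is what a custom semgrep rule for Docker Compose files could look like; the rule id, file name and path globs are assumptions chosen for the example. It flags services started with `privileged: true`, which disables most container isolation:

```yaml
# rules/compose-privileged-service.yml (hypothetical file name)
rules:
  - id: compose-privileged-service
    # semgrep parses Compose files with its YAML language support
    languages: [yaml]
    severity: WARNING
    message: >-
      A Compose service runs with privileged: true, which disables most
      container isolation. Remove it and grant only the specific Linux
      capabilities the service actually needs (cap_add).
    paths:
      # Only scan Compose files, not every YAML file in the repository
      include:
        - "docker-compose*.yml"
        - "docker-compose*.yaml"
        - "compose*.yml"
        - "compose*.yaml"
    # Matches the key/value pair anywhere in the document, so it also
    # catches services nested under "services:"
    pattern: |
      privileged: true
    metadata:
      category: security
      technology: [docker-compose]
```

Run it locally with `semgrep --config rules/compose-privileged-service.yml .`; to keep the rule under test, place a Compose fixture named `compose-privileged-service.yml` next to the rule with a `# ruleid: compose-privileged-service` comment above the offending line and run `semgrep --test rules/`.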
SAST CI pipeline
Since we're leveraging shared GitLab CI files, we also have a shared SAST pipeline, which is included in all projects.