More and more enterprises use GitLab for source code management, and GitLab has by now released a number of its formerly enterprise-only features into the free, open-source Community Edition. Below is the list of languages and scan tools supported by GitLab SAST, for reference.

Reference list
| Language (package managers) / framework | Scan tool | Introduced in GitLab version |
|---|---|---|
| .NET Core | | 11.0 |
| .NET Framework | | 13.0 |
| Apex (Salesforce) | PMD | 12.1 |
| C | | 14.2 |
| C/C++ | | 10.7 |
| Elixir (Phoenix) | | 11.1 |
| Go | Gosec | 10.7 |
| Go | | 14.4 |
| (language not preserved) | SpotBugs find-sec-bugs plugin | 11.3 (Gradle) & 11.9 (Ant, Maven, SBT) |
| Helm Charts | | 13.1 |
| Java (any build system) | | 14.10 |
| (language not preserved) | SpotBugs find-sec-bugs plugin | 10.6 (Maven), 10.8 (Gradle) & 11.9 (Ant, SBT) |
| Java (Android) | | 13.5 |
| JavaScript | | 11.8 |
| JavaScript | | 13.10 |
| Kotlin (Android) | | 13.5 |
| Kotlin (General) | SpotBugs find-sec-bugs plugin | 13.11 |
| Kubernetes manifests | | 12.6 |
| Node.js | | 11.1 |
| Objective-C (iOS) | | 13.5 |
| PHP | | 10.8 |
| Python (pip) | bandit | 10.3 |
| Python | | 13.9 |
| React | | 12.5 |
| React | | 13.10 |
| Ruby | | 13.9 |
| Ruby on Rails | | 10.3 |
| (language not preserved) | SpotBugs find-sec-bugs plugin | 11.0 (SBT) & 11.9 (Ant, Gradle, Maven) |
| Swift (iOS) | | 13.5 |
| TypeScript | | 11.9, merged with ESLint in 13.2 |
| TypeScript | | 13.10 |

Cells left empty (and the three language names next to the SpotBugs rows) were not preserved in this copy of the list; the complete table is in the GitLab SAST documentation.
Notes

Although the list above is what GitLab itself runs, the analyzers behind it are essentially all open-source tools (for example PMD, Gosec, bandit, the SpotBugs find-sec-bugs plugin and Semgrep), so we can also apply them to our own projects outside of GitLab.
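As an added example that is not part of the original post, the following minimal `.gitlab-ci.yml` enables the GitLab SAST analyzers from the table by including GitLab's built-in SAST template; GitLab then selects the analyzers matching the languages it detects in the repository. The `SAST_EXCLUDED_PATHS` value and the assumption that test fixtures and vendored code live under those directories are mine, not the page's.

```yaml
# Added example: enable GitLab SAST via the built-in CI template.
stages:
  - test

include:
  # Built-in template that defines the SAST job(s); analyzers run only
  # for the languages GitLab detects in the repository.
  - template: Security/SAST.gitlab-ci.yml

variables:
  # Assumption: test fixtures and vendored third-party code are kept
  # under these paths and should not generate findings of their own.
  SAST_EXCLUDED_PATHS: "spec, test, tests, tmp, vendor"
```

The SAST job attaches its findings as a `gl-sast-report.json` artifact to the pipeline; reviewing that report in the merge request is the point at which a finding should be triaged rather than silenced by widening the exclusion list.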
Tags: SAST, Semgrep, SBT, gitlab, scanning, Gradle, Maven, Ant, find
From: https://blog.51cto.com/rongfengliang/5981876