SAST security scanning tools integrated in GitLab
More and more companies use GitLab internally for source code management, and a number of GitLab's enterprise features have since been opened up to the free Community Edition. The list below shows which SAST analyzers GitLab ships, by language and framework, and the GitLab version that introduced each one.
Reference list
| Language (package managers) / framework | Scan tool | Introduced in GitLab version |
|---|---|---|
| .NET Core | Security Code Scan | 11.0 |
| .NET Framework | Security Code Scan | 13.0 |
| Apex (Salesforce) | PMD | 12.1 |
| C | Semgrep | 14.2 |
| C/C++ | Flawfinder | 10.7 |
| Elixir (Phoenix) | Sobelow | 11.1 |
| Go | Gosec | 10.7 |
| Go | Semgrep | 14.4 |
| Groovy (Ant, Gradle, Maven, and SBT) | SpotBugs with the find-sec-bugs plugin | 11.3 (Gradle) & 11.9 (Ant, Maven, SBT) |
| Helm Charts | Kubesec | 13.1 |
| Java (any build system) | Semgrep | 14.10 |
| Java (Ant, Gradle, Maven, and SBT) | SpotBugs with the find-sec-bugs plugin | 10.6 (Maven), 10.8 (Gradle) & 11.9 (Ant, SBT) |
| Java (Android) | MobSF (beta) | 13.5 |
| JavaScript | ESLint security plugin | 11.8 |
| JavaScript | Semgrep | 13.10 |
| Kotlin (Android) | MobSF (beta) | 13.5 |
| Kotlin (General) | SpotBugs with the find-sec-bugs plugin | 13.11 |
| Kubernetes manifests | Kubesec | 12.6 |
| Node.js | NodeJsScan | 11.1 |
| Objective-C (iOS) | MobSF (beta) | 13.5 |
| PHP | phpcs-security-audit | 10.8 |
| Python (pip) | bandit | 10.3 |
| Python | Semgrep | 13.9 |
| React | ESLint react plugin | 12.5 |
| React | Semgrep | 13.10 |
| Ruby | brakeman | 13.9 |
| Ruby on Rails | brakeman | 10.3 |
| Scala (Ant, Gradle, Maven, and SBT) | SpotBugs with the find-sec-bugs plugin | 11.0 (SBT) & 11.9 (Ant, Gradle, Maven) |
| Swift (iOS) | MobSF (beta) | 13.5 |
| TypeScript | ESLint security plugin | 11.9, merged with ESLint in 13.2 |
| TypeScript | Semgrep | 13.10 |
Notes
Although these analyzers are the ones GitLab runs directly, nearly all of them are open-source tools, so they can also be run in our own projects and pipelines outside of GitLab's SAST jobs. Note that several languages appear twice in the table (Go, Java, JavaScript, Python, TypeScript, React): GitLab added a Semgrep-based analyzer alongside the older language-specific tool, so on a recent GitLab version both may run against the same code and report overlapping findings unless one of them is excluded. The MobSF analyzers are marked beta in this list.
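The following is an added example of wiring these analyzers into a project's pipeline; it is not from the original page and not GitLab's own template. It includes GitLab's documented `Security/SAST.gitlab-ci.yml` template, which selects analyzers from the table above based on the languages it detects, and uses the documented `SAST_EXCLUDED_PATHS` and `SAST_EXCLUDED_ANALYZERS` variables. The project layout (a Go plus Python repository), the `sast-gate` job, its `gate` stage and the `semgrep-sast` job name it depends on are assumptions for illustration.

```yaml
# .gitlab-ci.yml (added example; assumes a Go + Python repository)
stages:
  - test   # the SAST template's jobs run in this stage
  - gate   # assumed extra stage for the policy check below

include:
  # GitLab's managed SAST template: auto-detects languages and runs the
  # matching analyzers from the table (gosec, bandit, semgrep, ...).
  - template: Security/SAST.gitlab-ci.yml

variables:
  # Skip vendored, generated and test code so findings point at our own code.
  SAST_EXCLUDED_PATHS: "spec, test, tests, tmp, vendor, node_modules"
  # Semgrep covers Go and Python here too; drop the older analyzers so the
  # same issue is not reported twice (assumed choice for this repository).
  SAST_EXCLUDED_ANALYZERS: "gosec, bandit"

# Assumed policy job: fail the pipeline when the Semgrep analyzer's report
# (gl-sast-report.json, GitLab's SAST report format) contains any finding
# of severity Critical or High.
sast-gate:
  stage: gate
  image: alpine:3.19
  needs:
    - job: semgrep-sast
      artifacts: true
  before_script:
    - apk add --no-cache jq
  script:
    - |
      count=$(jq '[.vulnerabilities[] | select(.severity == "Critical" or .severity == "High")] | length' gl-sast-report.json)
      echo "Critical/High SAST findings: $count"
      test "$count" -eq 0
```

The template runs the analyzer jobs in the `test` stage and emits `gl-sast-report.json` per analyzer; the gate job only makes sense once you have confirmed in your GitLab version which analyzer jobs actually run for your repository (the job names and artifact availability to later stages are assumptions here, not guaranteed by this page).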