author | mac-key <juliuskvedaras@yahoo.ie> | 2019-07-31 13:32:18 +0100 |
---|---|---|
committer | mac-key <juliuskvedaras@yahoo.ie> | 2019-07-31 13:32:18 +0100 |
commit | e1228978617cd1bc86c7e3f11c4f7759a9049eda (patch) | |
tree | 44df6f9cfa2886a2533d51eed11d0644eeee029b | |
parent | e6daf1000aae99f8ee0154ed70b55b5b662e1055 (diff) | |
download | gitlab-ce-docs-update-sast-analyzer-doc.tar.gz |
Moving the analyzer strings (docs-update-sast-analyzer-doc)
-rw-r--r-- | doc/user/application_security/sast/analyzers.md | 42 |
1 files changed, 13 insertions, 29 deletions
diff --git a/doc/user/application_security/sast/analyzers.md b/doc/user/application_security/sast/analyzers.md index 8164e4bd494..8d7edbe53d4 100644 --- a/doc/user/application_security/sast/analyzers.md +++ b/doc/user/application_security/sast/analyzers.md 
@@ -17,35 +17,19 @@ This is achieved by implementing the [common API](https://gitlab.com/gitlab-org/ SAST supports the following official analyzers: -- [Bandit](https://gitlab.com/gitlab-org/security-products/analyzers/bandit) -- [Brakeman](https://gitlab.com/gitlab-org/security-products/analyzers/brakeman) -- [ESLint (Javascript)](https://gitlab.com/gitlab-org/security-products/analyzers/eslint) -- [SpotBugs with the Find Sec Bugs plugin (Ant, Gradle and wrapper, Grails, Maven and wrapper, SBT)](https://gitlab.com/gitlab-org/security-products/analyzers/spotbugs) -- [Flawfinder](https://gitlab.com/gitlab-org/security-products/analyzers/flawfinder) -- [Gosec](https://gitlab.com/gitlab-org/security-products/analyzers/gosec) -- [NodeJsScan](https://gitlab.com/gitlab-org/security-products/analyzers/nodejs-scan) -- [PHP CS security-audit](https://gitlab.com/gitlab-org/security-products/analyzers/phpcs-security-audit) -- [Secrets (Gitleaks, TruffleHog & Diffence secret detectors)](https://gitlab.com/gitlab-org/security-products/analyzers/secrets) -- [Security Code Scan (.NET)](https://gitlab.com/gitlab-org/security-products/analyzers/security-code-scan) -- [TSLint (Typescript)](https://gitlab.com/gitlab-org/security-products/analyzers/tslint) -- [Sobelow (Elixir Phoenix)](https://gitlab.com/gitlab-org/security-products/analyzers/sobelow) -- [PMD Apex](https://gitlab.com/gitlab-org/security-products/analyzers/pmd-apex) - -In order to use these analyzers please use the below values for the `SAST_DEFAULT_ANALYZERS` keyword: - -- Bandit: `bandit` -- Brakeman: `brakeman` -- ESLint (Javascript): `eslint` -- SpotBugs with the Find Sec Bugs plugin (Ant, Gradle and wrapper, Grails, Maven and wrapper, SBT): `spotbugs` -- Flawfinder: `flawfinder` -- Gosec: `gosec` -- NodeJsScan: `nodejs-scan` -- PHP CS security-audit: `phpcs-security-audit` -- Secrets (Gitleaks, TruffleHog & Diffence secret detectors): `secrets` -- Security Code Scan (.NET): `security-code-scan` -- TSLint 
(Typescript): `tslint` -- Sobelow (Elixir Phoenix): `sobelow` -- PMD Apex (Apex projects): `pmd-apex` +- [Bandit](https://gitlab.com/gitlab-org/security-products/analyzers/bandit): `bandit` +- [Brakeman](https://gitlab.com/gitlab-org/security-products/analyzers/brakeman): `brakeman` +- [ESLint (Javascript)](https://gitlab.com/gitlab-org/security-products/analyzers/eslint): `eslint` +- [SpotBugs with the Find Sec Bugs plugin (Ant, Gradle and wrapper, Grails, Maven and wrapper, SBT)](https://gitlab.com/gitlab-org/security-products/analyzers/spotbugs): `spotbugs` +- [Flawfinder](https://gitlab.com/gitlab-org/security-products/analyzers/flawfinder): `flawfinder` +- [Gosec](https://gitlab.com/gitlab-org/security-products/analyzers/gosec): `gosec` +- [NodeJsScan](https://gitlab.com/gitlab-org/security-products/analyzers/nodejs-scan): `nodejs-scan` +- [PHP CS security-audit](https://gitlab.com/gitlab-org/security-products/analyzers/phpcs-security-audit): `phpcs-security-audit` +- [Secrets (Gitleaks, TruffleHog & Diffence secret detectors)](https://gitlab.com/gitlab-org/security-products/analyzers/secrets): `secrets` +- [Security Code Scan (.NET)](https://gitlab.com/gitlab-org/security-products/analyzers/security-code-scan): `security-code-scan` +- [TSLint (Typescript)](https://gitlab.com/gitlab-org/security-products/analyzers/tslint): `tslint` +- [Sobelow (Elixir Phoenix)](https://gitlab.com/gitlab-org/security-products/analyzers/sobelow): `sobelow` +- [PMD Apex](https://gitlab.com/gitlab-org/security-products/analyzers/pmd-apex): `pmd-apex` The analyzers are published as Docker images that SAST will use to launch dedicated containers for each analysis. |
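Review bot: the removed sentence "In order to use these analyzers please use the below values for the `SAST_DEFAULT_ANALYZERS` keyword:" has no replacement, so in the merged list the backticked string after each link (for example `bandit` or `nodejs-scan`) is left unexplained and `SAST_DEFAULT_ANALYZERS` is no longer named anywhere in this hunk. Suggest extending the unchanged lead-in "SAST supports the following official analyzers:" to say that the value in backticks is the name to use in `SAST_DEFAULT_ANALYZERS`. The merged PMD Apex entry also drops the "(Apex projects)" qualifier that the removed value list carried, while the other entries keep their language or framework hint in the link text.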