Diffstat (limited to 'doc/user/application_security/sast')
-rw-r--r-- | doc/user/application_security/sast/img/sast_v13_2.png | bin | 7703 -> 0 bytes
-rw-r--r-- | doc/user/application_security/sast/index.md | 10
2 files changed, 9 insertions, 1 deletions
diff --git a/doc/user/application_security/sast/img/sast_v13_2.png b/doc/user/application_security/sast/img/sast_v13_2.png Binary files differdeleted file mode 100644 index 5697ed9beb0..00000000000 --- a/doc/user/application_security/sast/img/sast_v13_2.png +++ /dev/null diff --git a/doc/user/application_security/sast/index.md b/doc/user/application_security/sast/index.md index c64df616925..6e88f38d900 100644 --- a/doc/user/application_security/sast/index.md +++ b/doc/user/application_security/sast/index.md @@ -31,8 +31,8 @@ The results are sorted by the priority of the vulnerability: 1. High 1. Medium 1. Low +1. Info 1. Unknown -1. Everything else A pipeline consists of multiple jobs, including SAST and DAST scanning. If any job fails to finish for any reason, the security dashboard does not show SAST scanner output. For example, if the SAST @@ -71,6 +71,7 @@ You can also [view our language roadmap](https://about.gitlab.com/direction/secu | .NET Core | [Security Code Scan](https://security-code-scan.github.io) | 11.0 | | .NET Framework | [Security Code Scan](https://security-code-scan.github.io) | 13.0 | | Apex (Salesforce) | [PMD](https://pmd.github.io/pmd/index.html) | 12.1 | +| C | [Semgrep](https://semgrep.dev) | 14.2 | | C/C++ | [Flawfinder](https://github.com/david-a-wheeler/flawfinder) | 10.7 | | Elixir (Phoenix) | [Sobelow](https://github.com/nccgroup/sobelow) | 11.1 | | Go | [Gosec](https://github.com/securego/gosec) | 10.7 | @@ -146,6 +147,7 @@ as shown in the following table: | [Access to Security Dashboard](../../application_security/security_dashboard/index.md) | **{dotted-circle}** | **{check-circle}** | | [Configure SAST in the UI](#configure-sast-in-the-ui) | **{dotted-circle}** | **{check-circle}** | | [Customize SAST Rulesets](#customize-rulesets) | **{dotted-circle}** | **{check-circle}** | +| [False Positive Detection](#false-positive-detection) | **{dotted-circle}** | **{check-circle}** | ## Contribute your scanner 
@@ -355,6 +357,12 @@ To create a custom ruleset: value = "gosec-config.json" ``` +### False Positive Detection **(ULTIMATE)** + +> [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/292686) in GitLab 14.2. + +Vulnerabilities that have been detected and are false positives will be flagged as false positives in the security dashboard. + ### Using CI/CD variables to pass credentials for private repositories Some analyzers require downloading the project's dependencies in order to |
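Review bot: `doc/user/application_security/sast/img/sast_v13_2.png` is deleted, but none of the `index.md` hunks removes a reference to it. The diffstat reports 9 insertions and 1 deletion for `index.md`, and all ten are visible here (`+1. Info`, the `| C | Semgrep |` row, the `False Positive Detection` table row, the six lines of the new section, and `-1. Everything else`), so if the page still contains `![...](img/sast_v13_2.png)` anywhere, this commit leaves a broken image. Either add the hunk that drops the link, or confirm the image was already unreferenced before this change.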
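Review bot: In the severity-order hunk (`@@ -31,8 +31,8 @@`), replacing `1. Everything else` with `1. Unknown` turns an open-ended list into a closed one. That is only correct if Critical, High, Medium, Low, Info and Unknown are the complete set of severities a report can carry; otherwise the reader no longer knows where an unlisted value sorts. Either keep a final catch-all line or add a sentence stating that these six values are the full set.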
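Review bot: The new `| C | Semgrep | 14.2 |` row in the supported-languages table sits directly above `| C/C++ | Flawfinder | 10.7 |`, so C is now listed under two analyzers with no explanation of how they relate. State whether both analyzers run on a C project, whether Semgrep replaces Flawfinder for C, and how overlapping findings from the two are reported; no other language in the table has two rows, so the reader has nothing to infer from.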
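Review bot: The new `### False Positive Detection **(ULTIMATE)**` section is a single sentence that is circular ("Vulnerabilities that have been detected and are false positives will be flagged as false positives") and documents nothing a user can act on. It should say which analyzers or languages the detection applies to, what the flag is based on, and whether a flagged vulnerability is still counted in the dashboard or is dismissed automatically. Something like "The security dashboard flags vulnerabilities that the analyzer identifies as false positives" is the minimum; the scope and the effect of the flag still need a sentence each. The feature-table row added in the `@@ -146,6 +147,7 @@` hunk links to `#false-positive-detection`, so keep that heading text unchanged when expanding the section.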