semgrep limitations note

master
Marek Šottl 2 years ago committed by GitHub
parent ffc134b767
commit e097b03fa0
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
  1. 2
      README.md

@ -147,6 +147,8 @@ Static code review tools working with source code and looking for known patterns
| **SonarQube community** | [https://github.com/SonarSource/sonarqube](https://github.com/SonarSource/sonarqube) | Detect security issues in code review with Static Application Security Testing (SAST) |![SonarQube](https://img.shields.io/github/stars/SonarSource/sonarqube?style=for-the-badge) |
| **gosec** | [https://github.com/securego/gosec](https://github.com/securego/gosec) | Inspects source code for security problems by scanning the Go AST. |![SonarQube](https://img.shields.io/github/stars/securego/gosec?style=for-the-badge) |
**Note:** Semgrep is free CLI tool, however some rulesets (https://semgrep.dev/r) are having various licences, some can be free to use and can be commercial.
OWASP curated list of SAST tools : https://owasp.org/www-community/Source_Code_Analysis_Tools
## DAST
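Review bot: The added **Note:** line on Semgrep is ambiguous where it says "some can be free to use and can be commercial": it does not tell the reader whether a single ruleset can be both, or whether some rulesets are free and others commercial. Suggest rewording, for example "Semgrep is a free CLI tool, but the rulesets at https://semgrep.dev/r carry different licences; some are free to use and some are commercial", which also fixes "is free CLI tool" and "are having various licences". Two smaller points: the URL is bare inside parentheses while the table rows use Markdown links, and the note sits directly after the gosec row with no Semgrep row visible in this hunk, so check that a blank line separates it from the table (otherwise GitHub renders it as another table row) and consider moving it next to the Semgrep entry it describes.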
