Difference between revisions of "Static Application Security Testing (SAST)"
Jump to navigation
Jump to search
(→Tools) |
|||
(19 intermediate revisions by the same user not shown) | |||
Line 1: | Line 1: | ||
− | Static | + | [[wikipedia:Static program analysis]] |
+ | == Tools == | ||
+ | * [[GitLab Ultimate 10.3]] https://docs.gitlab.com/ee/user/application_security/sast/ .[[gitlab-ci.yml]] or [[Auto SAST]] by [[Auto DevOps]], support for many languages including C/C++ ([[flawfinder]]) | ||
+ | * [[GitHub]] https://docs.github.com/en/code-security/getting-started/securing-your-repository#configuring-code-scanning | ||
+ | * [[Coverity]] (2002) from [[Synopsys]] | ||
+ | * [[Microfocus]] [[Fortify WebInspect]] | ||
+ | * [[Flawfinder]] | ||
+ | * [[Kubesec]] | ||
+ | * [[SonarQube]] (2006-2007) [[open source]] | ||
+ | * [[Veracode]] | ||
+ | |||
+ | == Related terms == | ||
+ | * {{AST}} | ||
+ | * [[CodeQL]] | ||
== See also == | == See also == | ||
+ | * {{SAST}} | ||
* {{Security}} | * {{Security}} | ||
[[Category:Security]] | [[Category:Security]] |
Latest revision as of 04:53, 17 August 2022
wikipedia:Static program analysis
Tools[edit]
- GitLab Ultimate 10.3 https://docs.gitlab.com/ee/user/application_security/sast/ .gitlab-ci.yml or Auto SAST by Auto DevOps, support for many languages including C/C++ (flawfinder)
- GitHub https://docs.github.com/en/code-security/getting-started/securing-your-repository#configuring-code-scanning
- Coverity (2002) from Synopsys
- Microfocus Fortify WebInspect
- Flawfinder
- Kubesec
- SonarQube (2006-2007) open source
- Veracode
Related terms[edit]
- Application Security Testing (SAST, DAST, IAST): Fortify WebInspect, GitLab Ultimate, flawfinder, Kubesec, Coverity, SonarQube, SCA, Checkmarx
- CodeQL
See also[edit]
- SAST: Coverity, Fortify, Veracode, Thoma Bravo
- Security: Security portfolio, Security standards, Hardening, CVE, CWE, Wireless Network Hacking, vulnerability scanner, Security risk assessment, SCA, Application Security Testing, OWASP, Data leak, NIST, SANS, MITRE, Security policy, Access Control attacks, password policy, password cracking, Password manager, MFA, OTP, UTF, Firewall, DoS, Software bugs, MITM, Certified Ethical Hacker (CEH) Contents, Security+ Malware, FIPS, DLP, Network Access Control (NAC), VAPT, SIEM, EDR, SOC, pentest, PTaaS, Clickjacking, MobSF, Janus vulnerability, Back Orifice, Backdoor, CSO, CSPM, PoLP, forensic, encryption, Keylogger, Pwn2Own, CISO, Prototype pollution
Advertising: