We’re using semgrep to do static application security testing (SAST).
SAST Docker image
There’s a SAST Docker image which we’re using for the tests.
The image also includes custom SAST rules, which we’re maintaining.
To maintain our custom rules, read the Writing rules chapter of the official semgrep documentation.
SAST CI file
Although semgrep itself is written in Python, it scans code in many different languages.
That is why we’ve created one dedicated, shared SAST CI file, which every project requiring SAST can include.
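As an added illustration of such a shared CI file (this is example configuration, not our actual CI file), the job below assumes GitLab CI, a SAST image published to `registry.example.com/security/sast` with the custom rules baked in under `/rules`, and that projects pull the job in with `include:`; all of those names are assumptions. It combines our custom rules with the public `p/ci` pack, fails the pipeline on findings via `--error`, and publishes the results as a GitLab SAST report so they appear in the merge request:

```yaml
# sast.yml in the shared CI templates project (hypothetical location).
# A project includes it with:
#   include:
#     - project: "security/ci-templates"   # hypothetical project path
#       file: "sast.yml"
sast:
  stage: test
  image: "registry.example.com/security/sast:latest"   # hypothetical SAST image
  variables:
    SEMGREP_CUSTOM_RULES: "/rules"    # custom rules shipped inside the image
  script:
    - >-
      semgrep scan
      --metrics=off
      --config "$SEMGREP_CUSTOM_RULES"
      --config p/ci
      --error
      --gitlab-sast
      --output gl-sast-report.json
      .
  artifacts:
    when: always                # keep the report even when the job fails on findings
    reports:
      sast: gl-sast-report.json
```

Pinning the image to a digest or an immutable tag instead of `latest` is the usual hardening step here: it makes a scan reproducible and prevents a silently updated image (and rule set) from changing results between pipelines.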