Add a SAST to the repo #13
Status: Open
Labels: good first issue, help wanted, high priority, infrastructure
https://opensource.guide/security-best-practices-for-your-project/#security-vulnerabilities-in-your-code-are-cheaper-to-fix-when-detected-early-in-the-process-than-later-when-they-are-used-in-production
According to this GitHub guide there are some things we should do to create a safe project environment. One of the most critical and easy-to-integrate things at this stage of the project is a Static Application Security Testing (SAST) tool, which detects security vulnerabilities in the code without ruining the code.
By adding this: https://github.com/marketplace/actions/sast-action
to the GitHub Actions we can use this easily.
Another option to check out: https://semgrep.dev/pricing/
This should read and analyze pushed code and explain the vulnerabilities if found.
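A minimal workflow that would do what the issue asks, added here as an example and not the project's own file; the file path, the choice of Semgrep as the SAST tool, and the `--config auto` rule set are assumptions:

```yaml
# .github/workflows/sast.yml (assumed path; example, not the project's own workflow)
name: SAST

on:
  push:
    branches: [main]
  pull_request:

permissions:
  contents: read          # least privilege: the scan only needs to read the code

jobs:
  semgrep:
    name: Semgrep scan
    runs-on: ubuntu-latest
    container:
      image: semgrep/semgrep   # official Semgrep image with the CLI preinstalled
    steps:
      - uses: actions/checkout@v4
      # --config auto selects rules for the languages found in the checkout;
      # --error makes the job fail when findings are reported, so the PR check turns red
      # and the findings are listed in the job log for the author to act on.
      - run: semgrep scan --config auto --error
```

Because the job runs on every pull request, a finding blocks the merge until it is fixed or explicitly triaged, which is the "detect early" point the linked guide makes.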