Questions tagged [sast]

45 questions
1 vote, 0 answers

Is there any SAST tool which supports Ballerina?

I am verifying the possibility of switching to Ballerina as a new strategy for our current WSO2 solution. There are several pros and cons. One major concern that I have is the lack of SAST support. Is someone able to confirm this concern or did I…
robster
1 vote, 1 answer

MobSF Analyzer failing to work on Gitlab-ci

I'm trying to set up MobSF SAST within Gitlab-ci and am having a few issues. I've followed the instructions within the Gitlab Docs and within the MobSF Gitlab repo. However, when I add: to my .gitlab-ci.yml, I get a yml error stating that it could not…
1 vote, 1 answer

Checkmarx found a library that isn't in our Android project

Checkmarx OSA found: com.fasterxml.jackson.core:jackson-databind "Your version is outdated". However, when I scan the dependencies I can't find any Jackson libraries in the project. Do you know what the problem could be?
Sergey Buzin
1 vote, 4 answers

Excluding folders on Checkmarx scan

I'm working on implementing Checkmarx scans in our code repository. I'm using Jenkins and the Checkmarx plugin to accomplish this task. There are some folders I want to exclude from the scan; referencing the Jenkins plugin documentation, it seems…
JBerto
1 vote, 1 answer

Checkmarx :: HRA_JAVA_CGI_REFLECTED_XSS_ALL_CLIENTS issue

I am struggling with one of the Checkmarx vulnerabilities. I need some guidance to support this. Below is my code: try (BufferedReader in = new BufferedReader(new InputStreamReader(con.getInputStream()))) { String content = null; …
amu61
0 votes, 1 answer

Error: "This ZIP Format is not supported" when running MobSF

When I run MobSF over my android source code I get the error: [ERROR] 22/Aug/2023 17:57:59 - This ZIP Format is not supported [ERROR] 22/Aug/2023 17:57:59 - Internal Server Error: /api/v1/scan [FATA] [MobSF] [2023-08-22T17:57:59Z]…
Clintm
0 votes, 0 answers

Jenkins build failing due to Checkmarx despite increasing Java heap space

My Jenkins build is failing after retrieving the SAST scan results from the Checkmarx Plugin. [Cx-Info]: Waiting for SAST scan results. Elapsed time: 00:43:26. 99% processed. Status: Finished. [Cx-Info]: SAST scan finished successfully. …
Paradox
0 votes, 0 answers

New Coverity user, scan failing with "last build status: failed"

I am trying to use the free version of Coverity Scan on a Python repo, but it returns the error: "Last Build Status: Failed - No further action needed.. Your build will be added back to the queue for analysis". I have created a project in Coverity…
0 votes, 0 answers

Gitlab security-code-scan-sast unable to build project from solution file using `nuget` and `msbuild`

We have been trying to implement Gitlab SAST in our Gitlab CI/CD pipelines. When the pipeline runs, it triggers the security-code-scan-sast job and it returns an error in building the solution file like this: [FATA] [security-code-scan]…
Paul Digz
0 votes, 0 answers

gl-sast-report.json artifact not found by GitLab-ci though it exists

I have a React.js project with a GitLab-CI configuration that includes SAST scanning. However, I'm running into an issue where the compliance job is unable to find the gl-sast-report.json file generated by the SAST scanner, even though the file is…
Welsh
0 votes, 0 answers

SonarCloud SaaS platform integration with Bamboo CI

These are the tools I am using: VCS provider: Bitbucket Cloud; orchestration tool: Bamboo CI; SAST tool: SonarCloud (SaaS solution). Objective: run automatic scans with SonarCloud whenever new code is pushed or a PR is raised. I have created Bamboo CI…
0 votes, 0 answers

Veracode scan for changed files in Pull request

I need to enable Veracode for my application, so I just wanted to know: can we run Veracode for every pull request/merge request only on the modified files, or is scanning the entire code base once a day sufficient? There are 20 developers…
Naresh Ede
0 votes, 1 answer

XSS detection in SAST tools

A SAST tool detects a reflected XSS vulnerability. How can I check whether this is a false positive or not? @Path(RESET_CREDENTIALS_PATH) @POST public Response resetCredentialsPOST(@QueryParam(AUTH_SESSION_ID) String authSessionId, // optional, can get…
zahedimahzad
0 votes, 0 answers

Flutter Android: Making spotbugs-SAST work

I am new to Flutter multiplatform (web and mobile). I have the default spotbugs-SAST setup in GitLab CI for a Flutter multiplatform project, and it fails because it does not like the Flutter-specific Android configurations. So, it wants me to…
user1909186
0 votes, 5 answers

Run ESLint in a multi-repository project

Let's say I have the following project…
jonny