Questions tagged [sast]

45 questions
0 votes, 1 answer

Checkmarx Second Order SQL Injection C#

I'm getting this error from Checkmarx: The application constructs this SQL query by embedding an untrusted string into the query without proper sanitization. The concatenated string is submitted to the database, where it is parsed and executed…
0 votes, 1 answer

SonarQube - Code view not visible for bug fixing

I am not able to see code snippets for issues reported in SonarQube. It is showing the message "Due to security settings, no source code can be displayed." Does anyone know how to enable the code view?
0 votes, 1 answer

Feature and price comparison of continuous inspection / static application security testing platforms

Is there any representative comparison among major continuous inspection and static application security testing (SAST) platforms like SonarQube, Coverity, CodeScene, TeamScale, etc.?
honzajscz
0 votes, 1 answer

Can SonarQube be used for SAST for a .NET Core version 3.2 application?

For a .NET Core 3.2 application, can we use SonarQube for Static Application Security Testing (SAST)? If not, then what could be the alternatives? I am from a Java background and I am aware that plugins like FindSecBugs can be used with…
VSTech
0 votes, 1 answer

PowerShell SAST / OWASP 10

I am currently developing a PowerShell script with 10k lines of code connecting to a SQL DB. While it is considered a best practice to use plug-ins in the IDE, for example for Java or C#, to scan the code (ReSharper, Fortify or the SonarQube plugin) and…
Chris
0 votes, 1 answer

Checkmarx Stored Absolute Path Traversal

We are trying to fix some issues reported by Checkmarx; I have to say the "Stored xxx" series of issues are hard to find a solution for. About this one, we have the following code: PreparedStatement ps = conn.prepareStatement(sql); ResultSet rs = ps.executeQuery(); if…
Vincent Chen
0 votes, 1 answer

Handle different Git branches during code scan in Checkmarx?

I have different code branches in Git. When I am running Checkmarx on these branches, I don't get to know from which branch the scan was done. Is there any way Checkmarx can also tell from which branch the scan was triggered?
Deepak Garg
0 votes, 0 answers

Application security scanner

I am working on a project to develop a SAST (static application security testing) scanner. Can people suggest best practices to read the code base quicker? I have a few ideas like using an AST or BCEL. Please suggest.
0 votes, 0 answers

SAST Issue - Improper Resource Access Authorization

I am using the Checkmarx security tool to scan my code. It is throwing an Improper Resource Access Authorization error in the repository. @Query(value="select * from mapping_table where project_id = :projectId", nativeQuery=true) List
0 votes, 0 answers

How to fix the "Command Injection" issue reported by Checkmarx for the Python code "args=parser.parse_args()"?

I have Python code which parses the input parameters like the following: parser = argparse.ArgumentParser(description='Information injection in file.') # , usage=usage()) requiredNamed =…
boxu
0 votes, 0 answers

How to integrate Veracode SAST and DAST scan in Gitlab CI/CD pipeline

I am trying to integrate a SAST and DAST scan in a Gitlab CI/CD pipeline. Here is my gitlab-ci.yml so far: Pipeline Scan Static Analysis: image: veracode/pipeline-scan:latest stage: Security_Scan only: - Feature Branch script: - zip myapp.zip…
0 votes, 1 answer

How to configure GitLab's phpcs-security-audit analyzer?

I am trying to use phpcs-security-audit by including GitLab's SAST template. It generates a report as expected, but the report is filled with warnings from libraries and specific warnings that I would like to ignore for the report to be useful. If I…
August Janse
0 votes, 1 answer

Checkmarx SAST scan code with external inaccessible dependencies in pom.xml

General: the code to scan is .java files (Java EE); dependencies are provided as separate JARs. Goal: How can I provide Checkmarx with all the required Java dependencies to build the project to get as sound and complete a scan as possible? I'm not…
EvieFlow
-1 votes, 1 answer

Is SonarQube the only open-source SAST tool?

I want to implement SAST in our CI/CD pipeline and I can't find open-source SAST tools except SonarQube. Are there any alternative tools to SonarQube? I just want to explore other tools but can't find any open-source tools.
Syed ayaz
-1 votes, 1 answer

Running pre-commit hooks with CodeQL/GHAS SAST scans?

I'm just getting started with CodeQL and we have a requirement from our devs to run CodeQL SAST scans as pre-commit hooks. I could not find any docs on how to set up CodeQL to make it run on my machine. Additional context (to answer questions…
nnay84