-rw-r--r-- | doc/user/application_security/sast/analyzers.md | 17 |
1 files changed, 17 insertions, 0 deletions
diff --git a/doc/user/application_security/sast/analyzers.md b/doc/user/application_security/sast/analyzers.md index 59835aeba01..9eb74826139 100644 --- a/doc/user/application_security/sast/analyzers.md +++ b/doc/user/application_security/sast/analyzers.md @@ -29,6 +29,23 @@ SAST supports the following official analyzers: - [Security Code Scan (.NET)](https://gitlab.com/gitlab-org/security-products/analyzers/security-code-scan) - [TSLint (Typescript)](https://gitlab.com/gitlab-org/security-products/analyzers/tslint) - [Sobelow (Elixir Phoenix)](https://gitlab.com/gitlab-org/security-products/analyzers/sobelow) +- [PMD Apex](https://gitlab.com/gitlab-org/security-products/analyzers/pmd-apex) + +In order to use these analyzers please use the below values for the `SAST_DEFAULT_ANALYZERS` keyword: + +- Bandit: `bandit` +- Brakeman: `brakeman` +- ESLint (Javascript): `eslint` +- SpotBugs with the Find Sec Bugs plugin (Ant, Gradle and wrapper, Grails, Maven and wrapper, SBT): `spotbugs` +- Flawfinder: `flawfinder` +- Gosec: `gosec` +- NodeJsScan: `nodejs-scan` +- PHP CS security-audit: `phpcs-security-audit` +- Secrets (Gitleaks, TruffleHog & Diffence secret detectors): `secrets` +- Security Code Scan (.NET): `security-code-scan` +- TSLint (Typescript): `tslint` +- Sobelow (Elixir Phoenix): `sobelow` +- PMD Apex (Apex projects): `pmd-apex` The analyzers are published as Docker images that SAST will use to launch dedicated containers for each analysis. |
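Review bot: the sentence introducing the new value list ("In order to use these analyzers please use the below values for the `SAST_DEFAULT_ANALYZERS` keyword") does not say where `SAST_DEFAULT_ANALYZERS` is set or how more than one value is combined, so a reader cannot act on the list from this section alone. Please state that, or link to the section that does, and tighten the wording (for example "To use an analyzer, set `SAST_DEFAULT_ANALYZERS` to the corresponding value:"). The second list also repeats every analyzer name from the list directly above it, and the two can drift apart: the added link entry reads "PMD Apex" while the value entry reads "PMD Apex (Apex projects)". Consider putting the value next to each link in the existing list, or using one table with name, link and value columns, so each analyzer is described in one place.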