From 6970f6e236827faebfbdbb94cd75ea3599ad2c2a Mon Sep 17 00:00:00 2001 From: mac-key Date: Wed, 31 Jul 2019 12:28:45 +0100 Subject: Add SAST default analyzer strings and add missing SAST analyzer from the docs --- doc/user/application_security/sast/analyzers.md | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) diff --git a/doc/user/application_security/sast/analyzers.md b/doc/user/application_security/sast/analyzers.md index 59835aeba01..9eb74826139 100644 --- a/doc/user/application_security/sast/analyzers.md +++ b/doc/user/application_security/sast/analyzers.md @@ -29,6 +29,23 @@ SAST supports the following official analyzers: - [Security Code Scan (.NET)](https://gitlab.com/gitlab-org/security-products/analyzers/security-code-scan) - [TSLint (Typescript)](https://gitlab.com/gitlab-org/security-products/analyzers/tslint) - [Sobelow (Elixir Phoenix)](https://gitlab.com/gitlab-org/security-products/analyzers/sobelow) +- [PMD Apex](https://gitlab.com/gitlab-org/security-products/analyzers/pmd-apex) + +In order to use these analyzers please use the below values for the `SAST_DEFAULT_ANALYZERS` keyword: + +- Bandit: `bandit` +- Brakeman: `brakeman` +- ESLint (Javascript): `eslint` +- SpotBugs with the Find Sec Bugs plugin (Ant, Gradle and wrapper, Grails, Maven and wrapper, SBT): `spotbugs` +- Flawfinder: `flawfinder` +- Gosec: `gosec` +- NodeJsScan: `nodejs-scan` +- PHP CS security-audit: `phpcs-security-audit` +- Secrets (Gitleaks, TruffleHog & Diffence secret detectors): `secrets` +- Security Code Scan (.NET): `security-code-scan` +- TSLint (Typescript): `tslint` +- Sobelow (Elixir Phoenix): `sobelow` +- PMD Apex (Apex projects): `pmd-apex` The analyzers are published as Docker images that SAST will use to launch dedicated containers for each analysis. -- cgit v1.2.1
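Review bot: The added sentence "In order to use these analyzers please use the below values for the `SAST_DEFAULT_ANALYZERS` keyword" leaves the important behaviour unstated: whether setting `SAST_DEFAULT_ANALYZERS` to a subset replaces the default set (so any analyzer left out, `secrets` for instance, silently stops running) and how several values are combined (comma-separated or otherwise). Suggest rewording along the lines of "To restrict SAST to specific analyzers, set the `SAST_DEFAULT_ANALYZERS` CI variable to the values below; analyzers not listed are not run", since it is a CI variable, not a keyword. The new value list also duplicates the analyzer list just above it, and this very patch shows the two already drifting apart (PMD Apex had to be added to the first list); folding each value into its existing bullet, e.g. `- [PMD Apex](https://gitlab.com/gitlab-org/security-products/analyzers/pmd-apex): `pmd-apex``, would keep one list to maintain. Minor: the new list writes "Javascript" and "Typescript" where the project names are JavaScript and TypeScript.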