sast-scan v2.1.2 releases: open-source security tool for modern DevOps teams

sast-scan

Scan is a free open-source security tool for modern DevOps teams. With an integrated multi-scanner based design, Scan can detect various kinds of security flaws in your application and infrastructure code in a single fast scan without the need for any remote server. Scan is purpose-built for workflow integration with nifty features such as automatic build breaker and PR summary comments. Scan products are open-source under a GNU GPL 3.0 or later (GPL-3.0-or-later) license.

The kind of flaws detected are:

  • Credentials Scanning to detect accidental secret leaks
  • Static Analysis Security Testing (SAST) for a range of languages and frameworks
  • Open-source dependencies audit
  • License violation checks

Scan philosophy

  • Your code, dependencies, and configuration are your business. No code ever leaves your build. All scanners, rules, and data, including the vulnerability database, are downloaded locally so the scans run entirely on your own machine or CI runner.
  • Out-of-the-box experience: users shouldn't have to configure or learn anything to use Scan across languages and pipelines.

Bundled tools

Programming language   Tools
ansible                ansible-lint
apex                   pmd
arm                    checkov
aws                    checkov
bash                   shellcheck
bom                    cdxgen
credscan               gitleaks
depscan                dep-scan
go                     gosec, staticcheck
groovy                 find-sec-bugs
java                   cdxgen, gradle, find-sec-bugs, pmd
jsp                    pmd, find-sec-bugs
json                   jq, jsondiff, jsonschema
kotlin                 detekt, find-sec-bugs
scala                  find-sec-bugs
kubernetes             checkov, kubesec, kube-score
nodejs                 cdxgen, njsscan, eslint, yarn, rush
php                    psalm, phpstan (IDE only)
plsql                  pmd
python                 cfg-scan (*), bandit, cdxgen
ruby                   dep-scan
rust                   cdxgen
serverless             checkov
terraform              checkov, tfsec
Visual Force (vf)      pmd
Apache Velocity (vm)   pmd
yaml                   yamllint

(*) The deep analyzer for Python (cfg-scan) is a built-in feature of Scan, not a separately bundled tool.

Install & Use

Copyright (C) 2022 ShiftLeftSecurity