Sken for SAST Scans
Static Application Security Testing
“White box security testing”
Find security issues in application source code
Enforce secure coding guidelines
No need to build or execute the underlying code
Catch bugs in your own code that are not catalogued anywhere else
Complements scanning for OSS dependency and infrastructure vulnerabilities
Help DevOps secure apps without slowing them down
SAST scan runs on every build
Find bugs introduced by developers
Fix bugs during the DevOps process
Open source scanners included in Sken for SAST:
find-sec-bugs
NodeJsScan
brakeman
bandit
gosec
PHPCodeSniffer
ESLint
TSLint