• ⚙️ Customizable configuration with rules, allowlists, and entropy checks to reduce false positives
• 📊 Flexible reporting in multiple formats (#JSON, #CSV, #JUnit, #SARIF) with custom template options
https://github.com/gitleaks/gitleaks
GitHub - gitleaks/gitleaks: Find secrets with Gitleaks 🔑

PVS-Studio complies with the requirements of GOST R 71207-2024 (static analysis of software)

The PVS-Studio tool is developed with the requirements that GOST R 71207-2024 places on static analyzers in mind; it detects critical errors and can be used in secure software development. We review the functionality implemented in PVS-Studio as of the end of 2024 for analyzing the source code of software written in the compiled programming languages C, C++, C#, and Java.

https://habr.com/ru/companies/pvs-studio/articles/868578/

#pvsstudio #информационная_безопасность #статический_анализ_кода #ГОСТ_Р_712072024 #ГОСТ_Р_71207 #ГОСТ_Р_56939 #SAST #c #c++ #java #c# #си #си++ #static_code_analysis #анализ_программы #анализ_потоков_данных #контекстночувствительный_анализ #критические_ошибки #CWE #SARIF #РБПО #разработка_безопасного_ПО #использование_чувствительных_данных

TIL there is a thing called #Sarif, a Static Analysis Results Interchange Format, developed by Microsoft.
https://groups.oasis-open.org/communities/tc-community-home2?CommunityKey=c64ae352-bebf-446d-8ebf-018dc7d3eeb0
OASIS Static Analysis Results Interchange Format (SARIF) TC - OASIS

Awesome tool released by @trailofbits

Streamline your static analysis triage with #SARIF Explorer

https://blog.trailofbits.com/2024/03/20/streamline-the-static-analysis-triage-process-with-sarif-explorer/

By Vasco Franco Today, we’re releasing SARIF Explorer, the VSCode extension that we developed to streamline how we triage static analysis results. We make heavy use of static analysis tools during …

Yup. The nightly build is there. I'm pretty confident that the #automatedBuild will run too.  

I've added #trivy #opensource #vulnerability scanner. It will run on schedule for testing and will later be included in the #cd #pipeline. The #sarif report will be attached to madnuttah bot's releases as a build artifact.

#unbound #dns #dnssec #workflow #github #transparency

https://github.com/madnuttah/unbound-docker

GitHub - madnuttah/unbound-docker: 🛡️ This distroless Unbound Docker image is based on Alpine Linux with focus on security, privacy, performance and a small image size. And with Pi-hole in mind.

Took some time to look into implementing a #SARIF output format option for #Regal yesterday. Regal is a linter, and SARIF is a standard format for static analysis, so it seemed like a reasonable thing to have. The specification however is 280 pages long! 😫 I skipped that and went straight for the libraries. Found one for #golang and had a PR up an hour later. Just a prettier way to build a struct for marshaling really, but I’ll take that over 280 pages of SHALL, MAY and MUST.

I've made a Python code linting Action ▶️ for GitHub Code Scanning.

It wraps up #Ruff, #Flake8, #Pylint, #Fixit2, #Mypy, #Pyright and #Pytype into an Action that uploads to Code Scanning, part of Advanced Security, the GitHub appsec platform.

ℹ️ that’s free for open source repos hosted on GitHub!

Read 📖 about it👇 on my blog:
https://lnkd.in/es_pd2W6

Try ⚙️ it👇 on the Actions ▶️ marketplace:
https://lnkd.in/ei7-H2V9

#Python #Linting #CodeQuality #Linters #SARIF #GitHubActions

I've recently started using the #SARIF Viewer extension to view #semgrep scan results in #vscode and it's awesome!

It provides a much more streamlined experience compared to what I was used to. I recommend to try it out, it might drastically improve your workflow.

https://marketplace.visualstudio.com/items?itemName=MS-SarifVSCode.sarif-viewer

SARIF Viewer - Visual Studio Marketplace

Extension for Visual Studio Code - Adds support for viewing SARIF logs

I’ve released 🤲 a GitHub Action to convert Dart/Flutter analyzer output to SARIF.

That lets you upload ⬆️ the results to GitHub Advanced Security, as I show in a sample workflow.

https://github.com/advanced-security/dart-analyzer-sarif

#AppSec #Dart #Flutter #Linting #SARIF #GitHub

GitHub - advanced-security/dart-analyzer-sarif: Convert `dart analyze` CLI output into SARIF

TIL: there is Static Analysis Results Interchange Format (#SARIF):

https://developers.redhat.com/articles/2023/05/31/improvements-static-analysis-gcc-13-compiler#sarif_output

Wondering what the benefits could be for #PHP if #Psalm and/or #PHPStan supported this.

Improvements to static analysis in the GCC 13 compiler | Red Hat Developer

GCC 13 includes enhancements to -fanalyzer, a static analysis pass that can identify issues at compile-time.