SAST, Code Quality, Secret Detection
![](https://s3.amazonaws.com/media-p.slid.es/uploads/802713/images/10827463/pasted-from-clipboard.png)
![](https://s3.amazonaws.com/media-p.slid.es/uploads/802713/images/10662965/pasted-from-clipboard.png)
![](https://s3.amazonaws.com/media-p.slid.es/uploads/802713/images/10830443/pasted-from-clipboard.png)
![](https://s3.amazonaws.com/media-p.slid.es/uploads/802713/images/10868844/logo_devops__3_.png)
Abdullah Fathi
![](https://s3.amazonaws.com/media-p.slid.es/uploads/802713/images/9734998/GitLab_-_GitLab_Verified_Solutions_Architect_-_2022-06-28.png)
![](https://s3.amazonaws.com/media-p.slid.es/uploads/802713/images/10662963/logo-kuda-01-01.png)
Download Links
Static Application Security Test (SAST)
GitLab SAST uses analyzers to check source code for known vulnerabilities.
```yaml
include:
  - template: Jobs/SAST.gitlab-ci.yml

# Static Application Security Test (SAST)
sast:
  stage: test
  artifacts:
    paths: [gl-sast-report.json]
    reports:
      sast: gl-sast-report.json
```
Custom SAST Parser
Transforms gl-sast-report.json into an HTML file so the report is easier to view and analyse.
```yaml
.sast_html: &sast_html
  services:
    - name: docker:dind
      command: ["--tls=false"]   # dind listens without TLS; pairs with DOCKER_TLS_CERTDIR: "" below
  after_script:
    - sleep 10                   # give the dind service time to start
    - apk add --update docker openrc
    - docker pull pcfens/sast-parser
    - alias sast-parser="docker run --rm -v \"$(pwd):/reports\" pcfens/sast-parser"
    - sast-parser ${INPUT_JSON} > ${OUTPUT_HTML}
  artifacts:
    paths:
      - ${OUTPUT_HTML}

# Merge the anchor into the template's nodejs-scan-sast job so the HTML is built after the scan
nodejs-scan-sast:
  <<: *sast_html
  variables:
    DOCKER_DRIVER: overlay2
    DOCKER_HOST: tcp://docker:2375/
    DOCKER_TLS_CERTDIR: ""
    INPUT_JSON: "gl-sast-report.json"
    OUTPUT_HTML: "nodejs-scan-sast.html"
```
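As an added example (not the pcfens/sast-parser image the deck uses, nor GitLab's own code), a small Python parser for gl-sast-report.json that sorts findings by severity, renders an escaped HTML table and exposes a severity gate a pipeline can fail on. The report below is a constructed sample, and the field names assume the GitLab SAST report schema.

```python
import html
import json
from collections import Counter

# Severity labels used in GitLab SAST reports, most severe first.
SEVERITY_ORDER = ["Critical", "High", "Medium", "Low", "Info", "Unknown"]
RANK = {s: i for i, s in enumerate(SEVERITY_ORDER)}

# Constructed sample in the shape of gl-sast-report.json (not a real scan result).
SAMPLE_REPORT = json.dumps({"version": "15.0.4", "vulnerabilities": [
    {"name": "Reflected XSS", "severity": "High",
     "description": "<script>alert(1)</script> reaches res.send()",
     "location": {"file": "app.js", "start_line": 42},
     "identifiers": [{"type": "cwe", "name": "CWE-79", "value": "79"}]},
    {"name": "Hard-coded secret", "severity": "Critical",
     "description": "API key assigned to a constant",
     "location": {"file": "config.js", "start_line": 3}, "identifiers": []},
    {"name": "Use of eval", "severity": "Low", "description": "eval() on user input",
     "location": {"file": "util.js", "start_line": 7}, "identifiers": []},
]})

def load_findings(report_text):
    """Return the report's vulnerabilities sorted most severe first; unknown labels go last."""
    findings = json.loads(report_text).get("vulnerabilities", [])
    return sorted(findings, key=lambda v: RANK.get(v.get("severity"), len(RANK)))

def severity_counts(findings):
    """Count findings per severity label, e.g. for a summary line in the HTML."""
    return Counter(v.get("severity", "Unknown") for v in findings)

def should_fail(findings, threshold="High"):
    """Gate: True if any finding is at or above the threshold severity."""
    return any(RANK.get(v.get("severity"), len(RANK)) <= RANK[threshold] for v in findings)

def render_html(findings):
    """Render an HTML table; every cell is escaped because descriptions often quote
    the offending source, and an unescaped report would itself be an XSS sink."""
    cols = ["Severity", "Finding", "Location", "CWE", "Description"]
    rows = ["<tr>" + "".join(f"<th>{c}</th>" for c in cols) + "</tr>"]
    for v in findings:
        loc = v.get("location", {})
        cwes = ", ".join(i["name"] for i in v.get("identifiers", []) if i.get("type") == "cwe")
        cells = [v.get("severity", "Unknown"), v.get("name", ""),
                 f"{loc.get('file', '?')}:{loc.get('start_line', '?')}", cwes, v.get("description", "")]
        rows.append("<tr>" + "".join(f"<td>{html.escape(str(c))}</td>" for c in cells) + "</tr>")
    return "<table>" + "".join(rows) + "</table>"
```

Run it in an `after_script` step in place of the container, writing `render_html(...)` to `${OUTPUT_HTML}` and exiting non-zero when `should_fail(...)` is true if the pipeline should block on findings.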
Code Quality Test
- GitLab uses plugins supported by Code Climate, which are free and open source. Code Quality does not require a Code Climate subscription.
- Helps ensure your project's code stays simple, readable, and easy to contribute to.
![](https://s3.amazonaws.com/media-p.slid.es/uploads/802713/images/9356632/code_quality_test.png)
Secret Detection
Scans your repository to help prevent your secrets from being exposed. Secret Detection scanning works on all text files, regardless of the language or framework used.
```yaml
include:
  - template: Jobs/Secret-Detection.gitlab-ci.yml
```
Your feedback matters
![](https://s3.amazonaws.com/media-p.slid.es/uploads/802713/images/10694629/WhatsApp_Image_2023-08-23_at_10.44.59.jpeg)
![](https://s3.amazonaws.com/media-p.slid.es/uploads/802713/images/10694633/giphy.gif)
There are no secrets to success. It is the result of preparation, hard work, and learning from failure. - Colin Powell
THANK YOU