
Static Application Security Testing

The Static Application Security Testing (sast) component analyzes your source code for vulnerabilities without executing it. It helps identify security flaws early in the development cycle, so that code quality and security are addressed before deployment.

The sast component accepts the following inputs:

| Name | Description | Required | Default Value |
| --- | --- | --- | --- |
| api_url | The DevGuard API URL | No | https://api.main.devguard.org |
| asset_name | Name of the asset to scan | Yes | |
| token | API token for authenticating with DevGuard | Yes | |
| scan_stage | The stage where the scan is run | No | test |
| runner_tags | The runner tags used to select appropriate CI runners. | No | "" |

Usage Example: Here’s an example of how to call this component:

include:
- remote: "https://gitlab.com/l3montree/devguard/-/raw/main/templates/sast.yml"
  inputs:
    asset_name: "myOrgnaization/projects/myProject/assets/myAsset"
    token: "$DEVGUARD_TOKEN"
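
A pre-merge check for the include block above, as an added example that is not part of the DevGuard project: it verifies that the required inputs from the table are present, flags input names the table does not list, and reports a token written as a literal instead of a CI/CD variable reference such as `$DEVGUARD_TOKEN`. The function names are hypothetical, the line-based parser only handles the simple layout shown on this page, and the bad sample is constructed.

```python
import re

# Input names and whether they are required, from the inputs table on this page.
SAST_INPUTS = {"api_url": False, "asset_name": True, "token": True,
               "scan_stage": False, "runner_tags": False}
VAR_REF = re.compile(r"^\$\{?[A-Za-z_][A-Za-z0-9_]*\}?$")  # $NAME or ${NAME}

def parse_sast_inputs(ci_text):
    """Return the inputs of the include entry pointing at sast.yml, or None."""
    inputs, in_sast, base = None, False, None
    for raw in ci_text.splitlines():
        body = raw.strip()
        if not body or body.startswith("#"):
            continue
        indent = len(raw) - len(raw.lstrip())
        if base is not None and indent > base:      # a line inside inputs:
            key, _, value = body.partition(":")
            inputs[key.strip()] = value.strip().strip("\"'")
            continue
        base = None
        if body.startswith("- "):                    # a new list item
            in_sast = re.search(r"remote:.*sast\.yml", body) is not None
        elif in_sast and body == "inputs:":
            inputs, base = {}, indent
        elif indent == 0:                            # next top-level key
            in_sast = False
    return inputs

def check_sast_include(ci_text):
    """Return a list of findings; an empty list means nothing was flagged."""
    inputs = parse_sast_inputs(ci_text)
    if inputs is None:
        return ["no sast.yml include with an inputs block found"]
    findings = [f"missing required input: {n}"
                for n, req in SAST_INPUTS.items() if req and not inputs.get(n)]
    findings += [f"unknown input: {n}" for n in inputs if n not in SAST_INPUTS]
    token = inputs.get("token", "")
    if token and not VAR_REF.match(token):
        findings.append("token is a literal; reference a CI/CD variable instead")
    return findings

GOOD = '''include:
- remote: "https://gitlab.com/l3montree/devguard/-/raw/main/templates/sast.yml"
  inputs:
    asset_name: "myOrgnaization/projects/myProject/assets/myAsset"
    token: "$DEVGUARD_TOKEN"
'''
# Constructed bad input: misspelled input name and a made-up literal token.
BAD = GOOD.replace("asset_name", "asset-name").replace(
    "$DEVGUARD_TOKEN", "constructed-not-a-real-token")
```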