home.social

#sarif — Public Fediverse posts

Live and recent posts from across the Fediverse tagged #sarif, aggregated by home.social.

fetched live
  1. • ⚙️ Customizable configuration with rules, allowlists, and entropy checks to reduce false positives
    • 📊 Flexible reporting in multiple formats (#JSON, #CSV, #JUnit, #SARIF) with custom template options
    github.com/gitleaks/gitleaks

  2. • ⚙️ Customizable configuration with rules, allowlists, and entropy checks to reduce false positives
    • 📊 Flexible reporting in multiple formats (#JSON, #CSV, #JUnit, #SARIF) with custom template options
    github.com/gitleaks/gitleaks

  3. • ⚙️ Customizable configuration with rules, allowlists, and entropy checks to reduce false positives
    • 📊 Flexible reporting in multiple formats (#JSON, #CSV, #JUnit, #SARIF) with custom template options
    github.com/gitleaks/gitleaks

  4. • ⚙️ Customizable configuration with rules, allowlists, and entropy checks to reduce false positives
    • 📊 Flexible reporting in multiple formats (#JSON, #CSV, #JUnit, #SARIF) with custom template options
    github.com/gitleaks/gitleaks

  5. • ⚙️ Customizable configuration with rules, allowlists, and entropy checks to reduce false positives
    • 📊 Flexible reporting in multiple formats (#JSON, #CSV, #JUnit, #SARIF) with custom template options
    github.com/gitleaks/gitleaks

  6. PVS-Studio соответствует требованиям ГОСТ Р 71207—2024 (статический анализ программного обеспечения)

    Инструментальное средство PVS-Studio разрабатывается с учётом требований, предъявляемых к статическим анализаторам в ГОСТ Р 71207–2024, выявляет критические ошибки и может использоваться при разработке безопасного программного обеспечения. Рассмотрим функциональные возможности, реализованные в PVS-Studio на конец 2024 года в отношении анализа исходного кода программного обеспечения, написанного на компилируемых языках программирования C, C++, C#, Java.

    habr.com/ru/companies/pvs-stud

    #pvsstudio #информационная_безопасность #статический_анализ_кода #ГОСТ_Р_712072024 #ГОСТ_Р_71207 #ГОСТ_Р_56939 #SAST #c #c++ #java #c# #си #си++ #static_code_analysis #анализ_программы #анализ_потоков_данных #контекстночувствительный_анализ #критические_ошибки #CWE #SARIF #РБПО #разработка_безопасного_ПО #использование_чувствительных_данных

  7. PVS-Studio соответствует требованиям ГОСТ Р 71207—2024 (статический анализ программного обеспечения)

    Инструментальное средство PVS-Studio разрабатывается с учётом требований, предъявляемых к статическим анализаторам в ГОСТ Р 71207–2024, выявляет критические ошибки и может использоваться при разработке безопасного программного обеспечения. Рассмотрим функциональные возможности, реализованные в PVS-Studio на конец 2024 года в отношении анализа исходного кода программного обеспечения, написанного на компилируемых языках программирования C, C++, C#, Java.

    habr.com/ru/companies/pvs-stud

    #pvsstudio #информационная_безопасность #статический_анализ_кода #ГОСТ_Р_712072024 #ГОСТ_Р_71207 #ГОСТ_Р_56939 #SAST #c #c++ #java #c# #си #си++ #static_code_analysis #анализ_программы #анализ_потоков_данных #контекстночувствительный_анализ #критические_ошибки #CWE #SARIF #РБПО #разработка_безопасного_ПО #использование_чувствительных_данных

  8. PVS-Studio соответствует требованиям ГОСТ Р 71207—2024 (статический анализ программного обеспечения)

    Инструментальное средство PVS-Studio разрабатывается с учётом требований, предъявляемых к статическим анализаторам в ГОСТ Р 71207–2024, выявляет критические ошибки и может использоваться при разработке безопасного программного обеспечения. Рассмотрим функциональные возможности, реализованные в PVS-Studio на конец 2024 года в отношении анализа исходного кода программного обеспечения, написанного на компилируемых языках программирования C, C++, C#, Java.

    habr.com/ru/companies/pvs-stud

    #pvsstudio #информационная_безопасность #статический_анализ_кода #ГОСТ_Р_712072024 #ГОСТ_Р_71207 #ГОСТ_Р_56939 #SAST #c #c++ #java #c# #си #си++ #static_code_analysis #анализ_программы #анализ_потоков_данных #контекстночувствительный_анализ #критические_ошибки #CWE #SARIF #РБПО #разработка_безопасного_ПО #использование_чувствительных_данных

  9. Yup. The nightly build is there. I'm pretty confident that the #automatedBuild will run too. :blobcatgiggle:

    I've added #trivy #opensource #vulnerability scanner. It will run on schedule for testing and will be later included into the #cd #pipeline. The #sarif report will be attached to madnuttah bot's releases as build artifact.

    #unbound #dns #dnssec #workflow #github #transparency

    github.com/madnuttah/unbound-d

  10. Yup. The nightly build is there. I'm pretty confident that the will run too. :blobcatgiggle:

    I've added scanner. It will run on schedule for testing and will be later included into the . The report will be attached to madnuttah bot's releases as build artifact.

    github.com/madnuttah/unbound-d

  11. Yup. The nightly build is there. I'm pretty confident that the #automatedBuild will run too. :blobcatgiggle:

    I've added #trivy #opensource #vulnerability scanner. It will run on schedule for testing and will be later included into the #cd #pipeline. The #sarif report will be attached to madnuttah bot's releases as build artifact.

    #unbound #dns #dnssec #workflow #github #transparency

    github.com/madnuttah/unbound-d

  12. Yup. The nightly build is there. I'm pretty confident that the #automatedBuild will run too. :blobcatgiggle:

    I've added #trivy #opensource #vulnerability scanner. It will run on schedule for testing and will be later included into the #cd #pipeline. The #sarif report will be attached to madnuttah bot's releases as build artifact.

    #unbound #dns #dnssec #workflow #github #transparency

    github.com/madnuttah/unbound-d

  13. Yup. The nightly build is there. I'm pretty confident that the #automatedBuild will run too. :blobcatgiggle:

    I've added #trivy #opensource #vulnerability scanner. It will run on schedule for testing and will be later included into the #cd #pipeline. The #sarif report will be attached to madnuttah bot's releases as build artifact.

    #unbound #dns #dnssec #workflow #github #transparency

    github.com/madnuttah/unbound-d

  14. Took some time to look into implementing a #SARIF output format option for #Regal yesterday. Regal a linter, and SARIF a standard format for static analysis, so it seemed like a reasonable thing to have. The specification however is 280 pages long! 😫 I skipped that and went straight for the libraries. Found one for #golang and had a PR up an hour later. Just a prettier way to build a struct for marshaling really, but I’ll take that over 280 pages of SHALL, MAY and MUST.

  15. Took some time to look into implementing a #SARIF output format option for #Regal yesterday. Regal a linter, and SARIF a standard format for static analysis, so it seemed like a reasonable thing to have. The specification however is 280 pages long! 😫 I skipped that and went straight for the libraries. Found one for #golang and had a PR up an hour later. Just a prettier way to build a struct for marshaling really, but I’ll take that over 280 pages of SHALL, MAY and MUST.

  16. Took some time to look into implementing a output format option for yesterday. Regal a linter, and SARIF a standard format for static analysis, so it seemed like a reasonable thing to have. The specification however is 280 pages long! 😫 I skipped that and went straight for the libraries. Found one for and had a PR up an hour later. Just a prettier way to build a struct for marshaling really, but I’ll take that over 280 pages of SHALL, MAY and MUST.

  17. Took some time to look into implementing a #SARIF output format option for #Regal yesterday. Regal a linter, and SARIF a standard format for static analysis, so it seemed like a reasonable thing to have. The specification however is 280 pages long! 😫 I skipped that and went straight for the libraries. Found one for #golang and had a PR up an hour later. Just a prettier way to build a struct for marshaling really, but I’ll take that over 280 pages of SHALL, MAY and MUST.

  18. I've made a Python :python: code linting Action ▶️ for GitHub :github: Code Scanning.

    It wraps up #Ruff, #Flake8, #Pylint, #Fixit2, #Mypy, #Pyright and #Pytype into an Action that uploads to Code Scanning, part of Advanced Security, the GitHub appsec platform.

    ℹ️ that’s free for open source repos hosted on GitHub!

    Read 📖 about it👇 on my blog:
    lnkd.in/es_pd2W6

    Try ⚙️ it👇 on the Actions ▶️ marketplace:
    lnkd.in/ei7-H2V9

    #Python #Linting #CodeQuality #Linters #SARIF #GitHubActions

  19. I've made a Python :python: code linting Action ▶️ for GitHub :github: Code Scanning.

    It wraps up , , , , , and into an Action that uploads to Code Scanning, part of Advanced Security, the GitHub appsec platform.

    ℹ️ that’s free for open source repos hosted on GitHub!

    Read 📖 about it👇 on my blog:
    lnkd.in/es_pd2W6

    Try ⚙️ it👇 on the Actions ▶️ marketplace:
    lnkd.in/ei7-H2V9

  20. I've made a Python :python: code linting Action ▶️ for GitHub :github: Code Scanning.

    It wraps up #Ruff, #Flake8, #Pylint, #Fixit2, #Mypy, #Pyright and #Pytype into an Action that uploads to Code Scanning, part of Advanced Security, the GitHub appsec platform.

    ℹ️ that’s free for open source repos hosted on GitHub!

    Read 📖 about it👇 on my blog:
    lnkd.in/es_pd2W6

    Try ⚙️ it👇 on the Actions ▶️ marketplace:
    lnkd.in/ei7-H2V9

    #Python #Linting #CodeQuality #Linters #SARIF #GitHubActions

  21. I've made a Python :python: code linting Action ▶️ for GitHub :github: Code Scanning.

    It wraps up #Ruff, #Flake8, #Pylint, #Fixit2, #Mypy, #Pyright and #Pytype into an Action that uploads to Code Scanning, part of Advanced Security, the GitHub appsec platform.

    ℹ️ that’s free for open source repos hosted on GitHub!

    Read 📖 about it👇 on my blog:
    lnkd.in/es_pd2W6

    Try ⚙️ it👇 on the Actions ▶️ marketplace:
    lnkd.in/ei7-H2V9

    #Python #Linting #CodeQuality #Linters #SARIF #GitHubActions

  22. I've made a Python :python: code linting Action ▶️ for GitHub :github: Code Scanning.

    It wraps up #Ruff, #Flake8, #Pylint, #Fixit2, #Mypy, #Pyright and #Pytype into an Action that uploads to Code Scanning, part of Advanced Security, the GitHub appsec platform.

    ℹ️ that’s free for open source repos hosted on GitHub!

    Read 📖 about it👇 on my blog:
    lnkd.in/es_pd2W6

    Try ⚙️ it👇 on the Actions ▶️ marketplace:
    lnkd.in/ei7-H2V9

    #Python #Linting #CodeQuality #Linters #SARIF #GitHubActions

  23. I've recently started using the #SARIF Viewer extension to view #semgrep scan results in #vscode and it's awesome!

    It provides a much more streamlined experience compared to what I was used to. I recommend to try it out, it might drastically improve your workflow.

    marketplace.visualstudio.com/i

  24. I've recently started using the #SARIF Viewer extension to view #semgrep scan results in #vscode and it's awesome!

    It provides a much more streamlined experience compared to what I was used to. I recommend to try it out, it might drastically improve your workflow.

    marketplace.visualstudio.com/i

  25. I've recently started using the #SARIF Viewer extension to view #semgrep scan results in #vscode and it's awesome!

    It provides a much more streamlined experience compared to what I was used to. I recommend to try it out, it might drastically improve your workflow.

    marketplace.visualstudio.com/i

  26. I've recently started using the #SARIF Viewer extension to view #semgrep scan results in #vscode and it's awesome!

    It provides a much more streamlined experience compared to what I was used to. I recommend to try it out, it might drastically improve your workflow.

    marketplace.visualstudio.com/i

  27. I've recently started using the #SARIF Viewer extension to view #semgrep scan results in #vscode and it's awesome!

    It provides a much more streamlined experience compared to what I was used to. I recommend to try it out, it might drastically improve your workflow.

    marketplace.visualstudio.com/i

  28. I’ve released 🤲 a GitHub Action to convert Dart/Flutter analyzer output to SARIF.

    That lets you upload ⬆️ the results to GitHub Advanced Security, as I show in a sample workflow.

    github.com/advanced-security/d

    #AppSec #Dart #Flutter #Linting #SARIF #GitHub

  29. I’ve released 🤲 a GitHub Action to convert Dart/Flutter analyzer output to SARIF.

    That lets you upload ⬆️ the results to GitHub Advanced Security, as I show in a sample workflow.

    github.com/advanced-security/d

  30. I’ve released 🤲 a GitHub Action to convert Dart/Flutter analyzer output to SARIF.

    That lets you upload ⬆️ the results to GitHub Advanced Security, as I show in a sample workflow.

    github.com/advanced-security/d

    #AppSec #Dart #Flutter #Linting #SARIF #GitHub

  31. I’ve released 🤲 a GitHub Action to convert Dart/Flutter analyzer output to SARIF.

    That lets you upload ⬆️ the results to GitHub Advanced Security, as I show in a sample workflow.

    github.com/advanced-security/d

    #AppSec #Dart #Flutter #Linting #SARIF #GitHub

  32. I’ve released 🤲 a GitHub Action to convert Dart/Flutter analyzer output to SARIF.

    That lets you upload ⬆️ the results to GitHub Advanced Security, as I show in a sample workflow.

    github.com/advanced-security/d

    #AppSec #Dart #Flutter #Linting #SARIF #GitHub

  33. I have a plan around #Scala :scala:

    I want to statically analyse it using tools that understand #Java :java: , by decompiling the .class files that the Scala source compiles to, then analysing the decompiled Java source.

    That works 💪 (on trivial stuff!) but I need to match up line numbers. Scala‘s debug output in .tasty files and some decompiler info should do, but I haven’t done it yet.

    Thoughts?

    Know a good static analyser for Scala that outputs SARIF?

    #SAST #decompilation #SARIF

  34. I have a plan around :scala:

    I want to statically analyse it using tools that understand :java: , by decompiling the .class files that the Scala source compiles to, then analysing the decompiled Java source.

    That works 💪 (on trivial stuff!) but I need to match up line numbers. Scala‘s debug output in .tasty files and some decompiler info should do, but I haven’t done it yet.

    Thoughts?

    Know a good static analyser for Scala that outputs SARIF?

  35. I have a plan around #Scala :scala:

    I want to statically analyse it using tools that understand #Java :java: , by decompiling the .class files that the Scala source compiles to, then analysing the decompiled Java source.

    That works 💪 (on trivial stuff!) but I need to match up line numbers. Scala‘s debug output in .tasty files and some decompiler info should do, but I haven’t done it yet.

    Thoughts?

    Know a good static analyser for Scala that outputs SARIF?

    #SAST #decompilation #SARIF

  36. I have a plan around #Scala :scala:

    I want to statically analyse it using tools that understand #Java :java: , by decompiling the .class files that the Scala source compiles to, then analysing the decompiled Java source.

    That works 💪 (on trivial stuff!) but I need to match up line numbers. Scala‘s debug output in .tasty files and some decompiler info should do, but I haven’t done it yet.

    Thoughts?

    Know a good static analyser for Scala that outputs SARIF?

    #SAST #decompilation #SARIF