The static analysis of security vulnerabilities

Static Application Security Testing (SAST) analyzes source code or binaries to detect security holes and weak points. When automated, it moves your DevOps methodology toward DevSecOps, where security testing and awareness are part of the DevOps life cycle.

GitLab, in its Ultimate license tier, provides this automated testing as part of your application's development workflow.

Currently, the following languages and frameworks are supported:

Language/Framework          Scan tool
.NET                        Security Code Scan
C/C++                       Flawfinder
Go                          gosec
Groovy (Gradle and Grails)  find-sec-bugs
Java (Maven and Gradle)     find-sec-bugs
JavaScript                  ESLint security plugin
Node.js                     NodeJsScan ...
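Once these scanners run in the pipeline, the next step a practitioner wants is a policy gate on their output. The following added example (not from the book or from GitLab) assumes the scanners' merged output is a JSON artifact with a "vulnerabilities" list whose entries carry a "severity" label, as GitLab's gl-sast-report.json does, and fails the build when any finding reaches a chosen severity; the sample report is constructed inline.

```python
import json
from collections import Counter

# Severity labels in ascending order (assumed to match the report's vocabulary).
SEVERITY_ORDER = ["Info", "Unknown", "Low", "Medium", "High", "Critical"]
SEVERITY_RANK = {name: i for i, name in enumerate(SEVERITY_ORDER)}

# Constructed sample in the shape of a gl-sast-report.json artifact, not a real scan.
SAMPLE_REPORT = json.dumps({
    "version": "2.0",
    "vulnerabilities": [
        {"category": "sast", "name": "Buffer overflow risk", "severity": "High",
         "scanner": {"id": "flawfinder", "name": "Flawfinder"},
         "location": {"file": "src/net.c", "start_line": 42}},
        {"category": "sast", "name": "Weak random number source", "severity": "Medium",
         "scanner": {"id": "gosec", "name": "Gosec"},
         "location": {"file": "pkg/token.go", "start_line": 17}},
        {"category": "sast", "name": "Unused variable", "severity": "Info",
         "scanner": {"id": "gosec", "name": "Gosec"},
         "location": {"file": "pkg/util.go", "start_line": 3}},
    ],
})

def load_findings(report_text):
    """Return the findings list from a SAST report; tolerate a missing key."""
    return json.loads(report_text).get("vulnerabilities", [])

def severity_rank(finding):
    """Rank a finding's severity; unrecognized labels are treated as Unknown."""
    return SEVERITY_RANK.get(finding.get("severity"), SEVERITY_RANK["Unknown"])

def count_by_severity(findings):
    """Summarize findings per severity label for the job log."""
    return Counter(f.get("severity", "Unknown") for f in findings)

def findings_at_or_above(findings, threshold):
    """Select findings whose severity meets or exceeds the threshold label."""
    return [f for f in findings if severity_rank(f) >= SEVERITY_RANK[threshold]]

def gate(report_text, threshold="High"):
    """Return (passed, offending_findings) for a pipeline policy check."""
    offending = findings_at_or_above(load_findings(report_text), threshold)
    return len(offending) == 0, offending

if __name__ == "__main__":
    passed, offending = gate(SAMPLE_REPORT, "High")
    for f in offending:
        loc = f["location"]
        print(f"{f['severity']}: {f['name']} ({f['scanner']['name']}) at {loc['file']}:{loc['start_line']}")
    raise SystemExit(0 if passed else 1)
```

Run it as a job after the SAST job, with the report passed as an artifact, to turn scanner output into a merge-blocking decision.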

Get Mastering GitLab 12 now with the O’Reilly learning platform.
