# Static Application Security Testing Overview

EPAM Delivery Platform (EDP) provides built-in Static Application Security Testing (SAST) support: it integrates the Semgrep security scanner with the DefectDojo vulnerability management system so that source code can be checked for known vulnerability patterns and the resulting findings can be tracked.
## Supported Languages

EDP SAST supports the following languages and package managers:

| Language (Package Managers) | Scan Tool | Build Tool |
|---|---|---|
| Java | Semgrep | Maven, Gradle |
| Go | Semgrep | Go |
| React | Semgrep | npm |
## Supported Vulnerability Management System

To retrieve and then manage a SAST report after scanning, a vulnerability management system must be deployed; EDP supports DefectDojo for this purpose.
### DefectDojo

DefectDojo is a vulnerability management and security orchestration platform that stores and tracks uploaded security reports, so the Semgrep findings produced by the SAST step can be triaged and followed up in one place.

Inspect the prerequisites and the main steps for installing DefectDojo on Kubernetes or OpenShift platforms before enabling the SAST integration.
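The flow described above (Semgrep scan, then a report handed to DefectDojo) as an added, self-contained example; this is not EDP's or DefectDojo's own code. It summarises a constructed Semgrep JSON report, applies a simple severity gate, and builds the form fields for DefectDojo's `POST /api/v2/import-scan/` endpoint; the product and engagement names are placeholders.

```python
"""Summarise a Semgrep JSON report and import it into DefectDojo."""
import json
from collections import Counter

# Constructed sample of `semgrep --json` output, trimmed to the fields used here.
SAMPLE_SEMGREP_JSON = json.dumps({
    "results": [
        {"check_id": "java.lang.security.audit.sqli.jdbc-sqli", "path": "src/main/java/App.java",
         "start": {"line": 42}, "extra": {"severity": "ERROR", "message": "SQL built from user input"}},
        {"check_id": "go.lang.security.audit.xss.no-direct-write-to-responsewriter",
         "path": "cmd/server.go", "start": {"line": 17}, "extra": {"severity": "WARNING", "message": "..."}},
        {"check_id": "javascript.react.security.audit.react-dangerouslysetinnerhtml",
         "path": "src/App.jsx", "start": {"line": 9}, "extra": {"severity": "WARNING", "message": "..."}},
    ],
    "errors": [],
})

def summarise(report_json: str) -> dict:
    """Count findings per Semgrep severity (ERROR / WARNING / INFO) plus the total."""
    results = json.loads(report_json).get("results", [])
    counts = Counter(r["extra"]["severity"] for r in results)
    return {"total": len(results), **counts}

def should_block(summary: dict, max_error: int = 0) -> bool:
    """Pipeline gate: block the build when ERROR-severity findings exceed the allowance."""
    return summary.get("ERROR", 0) > max_error

def import_scan_fields(product: str, engagement: str, minimum_severity: str = "Low") -> dict:
    """Form fields for DefectDojo's import-scan API.
    auto_create_context lets DefectDojo create the product/engagement if they do not exist."""
    return {
        "scan_type": "Semgrep JSON Report",   # DefectDojo's parser name for Semgrep output
        "product_name": product,
        "engagement_name": engagement,
        "auto_create_context": "true",
        "minimum_severity": minimum_severity,
        "active": "true",
        "verified": "false",
    }

def upload(dojo_url: str, api_key: str, report_path: str, fields: dict) -> dict:
    """Upload the report file; needs the `requests` package and a reachable DefectDojo."""
    import requests  # imported here so the offline helpers above work without it
    with open(report_path, "rb") as f:
        resp = requests.post(f"{dojo_url.rstrip('/')}/api/v2/import-scan/",
                             headers={"Authorization": f"Token {api_key}"},
                             data=fields, files={"file": ("semgrep.json", f, "application/json")},
                             timeout=60)
    resp.raise_for_status()
    return resp.json()

if __name__ == "__main__":
    s = summarise(SAMPLE_SEMGREP_JSON)
    print(s, "BLOCK" if should_block(s) else "OK")
```

A CI step would write `semgrep --json -o semgrep.json`, call `summarise`/`should_block` to fail fast, and then `upload(...)` with a DefectDojo API token taken from a secret.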