From 3cb6070441a40a298afb77e9cff18e74eb511c9d Mon Sep 17 00:00:00 2001
From: Villon CHEN
Date: Thu, 20 Nov 2025 16:19:38 +0100
Subject: [PATCH 1/2] docs(sasts): bump SAST tools version
---
 docs/sast/profiles/bearer.yaml | 2 +-
 docs/sast/profiles/semgrepce.yaml | 2 +-
 docs/sast/profiles/snykcode.yaml | 2 +-
 docs/sast/profiles/spotbugs.yaml | 2 +-
 tests/Dockerfile | 2 +-
 5 files changed, 5 insertions(+), 5 deletions(-)
diff --git a/docs/sast/profiles/bearer.yaml b/docs/sast/profiles/bearer.yaml
index 743cd66..fec627f 100644
--- a/docs/sast/profiles/bearer.yaml
+++ b/docs/sast/profiles/bearer.yaml
@@ -2,7 +2,7 @@ name: Bearer
 description: Bearer is a static application security testing (SAST) tool designed to scan your source code and analyze data flows to identify, filter, and prioritize security and privacy risks.
 type: Data Flow Analysis (Source code)
 url: https://github.com/Bearer/bearer
-supported_version: 1.151.0
+supported_version: 1.51.1
 supported_languages:
 - Java
 legal:
diff --git a/docs/sast/profiles/semgrepce.yaml b/docs/sast/profiles/semgrepce.yaml
index f04b166..aeb7b82 100644
--- a/docs/sast/profiles/semgrepce.yaml
+++ b/docs/sast/profiles/semgrepce.yaml
@@ -2,7 +2,7 @@ name: Semgrep Community Edition
 description: Semgrep is a fast, open-source, static analysis tool that searches code, finds bugs, and enforces secure guardrails and coding standards. Semgrep supports 30+ languages and can run in an IDE, as a pre-commit check, and as part of CI/CD workflows.
 type: Pattern matching
 url: https://github.com/semgrep/semgrep
-supported_version: 1.128.1
+supported_version: 1.143.0
 supported_languages:
 - C/C++
 - Java
diff --git a/docs/sast/profiles/snykcode.yaml b/docs/sast/profiles/snykcode.yaml
index 081ab15..d648968 100644
--- a/docs/sast/profiles/snykcode.yaml
+++ b/docs/sast/profiles/snykcode.yaml
@@ -2,7 +2,7 @@ name: Snyk Code
 description: Snyk Code is a developer-first static application security testing (SAST) solution. By scanning code in real-time and providing actionable insights directly in the developer workflow across IDEs, repositories, and CI/CD pipelines, you can identify and address vulnerabilities early on. The AI-based engine results in fewer false positives for your developers, improving code quality and security.
 type: Data Flow Analysis (Source code)
 url: https://docs.snyk.io/scan-with-snyk/snyk-code
-supported_version: 1.1298.3
+supported_version: 1.1301.0
 supported_languages:
 - C/C++
 - Java
diff --git a/docs/sast/profiles/spotbugs.yaml b/docs/sast/profiles/spotbugs.yaml
index 28e2417..44f25c7 100644
--- a/docs/sast/profiles/spotbugs.yaml
+++ b/docs/sast/profiles/spotbugs.yaml
@@ -2,7 +2,7 @@ name: SpotBugs
 description: SpotBugs is a program which uses static analysis to look for bugs in Java code. SpotBugs is a fork of FindBugs (which is now an abandoned project), carrying on from the point where it left off with support of its community.
 type: Data Flow Analysis (Compiled code)
 url: https://github.com/spotbugs/spotbugs
-supported_version: 4.9.7
+supported_version: 4.9.8
 supported_languages:
 - Java
 legal:
diff --git a/tests/Dockerfile b/tests/Dockerfile
index c6305ea..c223b6a 100644
--- a/tests/Dockerfile
+++ b/tests/Dockerfile
@@ -48,7 +48,7 @@ RUN pip install --no-cache semgrep
 # Bearer
 RUN curl -sfL https://raw.githubusercontent.com/Bearer/bearer/main/contrib/install.sh | BINDIR=/usr/bin sh
 # SpotBugs
-RUN curl -sL https://github.com/spotbugs/spotbugs/releases/download/4.9.7/spotbugs-4.9.7.tgz | tar -xzvf - && \
+RUN curl -sL https://github.com/spotbugs/spotbugs/releases/download/4.9.8/spotbugs-4.9.8.tgz | tar -xzvf - && \
 mv spotbugs-* /tmp/spotbugs
 ENV PATH="/tmp/spotbugs/bin:$PATH"
 # Cppcheck
From 24a461ee157f55b5ee128f2187974a6ca1328526 Mon Sep 17 00:00:00 2001
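Review bot: The new SpotBugs line in tests/Dockerfile pipes the 4.9.8 release tarball from curl straight into tar with no checksum or signature check, so the test image's toolchain is whatever the release URL serves at build time rather than a known artifact; pin the tarball's SHA-256 (taken from the SpotBugs release page, not shown here) and verify it before extracting, e.g. `curl -sfL https://github.com/spotbugs/spotbugs/releases/download/4.9.8/spotbugs-4.9.8.tgz -o /tmp/spotbugs.tgz && echo "<SHA256-PLACEHOLDER>  /tmp/spotbugs.tgz" | sha256sum -c - && tar -xzf /tmp/spotbugs.tgz && \`. The same line also lacks curl's `-f`, which the Bearer install line just above does use, so an HTTP error body would be handed to tar instead of curl failing on its own. The unchanged context lines carry the same reproducibility gap (`install.sh` fetched from Bearer's `main` branch and piped into `sh`, and `pip install --no-cache semgrep` with no version pin, while the docs profiles in this same patch record exact supported versions), which is worth a follow-up even though they are not part of this change.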
From: Villon CHEN
Date: Thu, 20 Nov 2025 16:20:32 +0100
Subject: [PATCH 2/2] docs(sasts): add SAST tools integration status
---
 README.md | 16 ++++++++--------
 1 file changed, 8 insertions(+), 8 deletions(-)
diff --git a/README.md b/README.md
index 69b431b..65f778d 100644
--- a/README.md
+++ b/README.md
@@ -55,14 +55,14 @@ cd CodeSecTools
 ### SAST Tool Integration Status
-|SAST Tool|Languages|Maintained|Tested|
-|:---:|:---:|:---:|:---:|
-|Coverity|Java|❌ (Proprietary)|❌ (Proprietary)|
-|Semgrep Community Edition|C, Java|✅|✅|
-|Snyk Code|C, Java|✅|❌ (Rate limited)|
-|Bearer|Java|✅|✅|
-|SpotBugs|Java|✅|✅|
-|Cppcheck|C|✅|✅|
+|SAST Tool|Languages|Maintained|Continuous Testing|Last Test Date|
+|:---:|:---:|:---:|:---:|:---:|
+|Coverity|Java|❌
(Proprietary)|❌
(Proprietary)|October 2025|
+|Semgrep Community Edition|C/C++, Java|✅|✅|[Latest PR](https://github.com/OPPIDA/CodeSecTools/actions/workflows/ci.yaml)|
+|Snyk Code|C/C++, Java|✅|❌
(Rate limited)|November 2025|
+|Bearer|Java|✅|✅|[Latest PR](https://github.com/OPPIDA/CodeSecTools/actions/workflows/ci.yaml)|
+|SpotBugs|Java|✅|✅|[Latest PR](https://github.com/OPPIDA/CodeSecTools/actions/workflows/ci.yaml)|
+|Cppcheck|C/C++|✅|✅|[Latest PR](https://github.com/OPPIDA/CodeSecTools/actions/workflows/ci.yaml)|
 ## Usage