Bump SAST tools version

README.md

@@ -55,14 +55,14 @@ cd CodeSecTools
 
 ### SAST Tool Integration Status
 
-|SAST Tool|Languages|Maintained|Tested|
-|:---:|:---:|:---:|:---:|
-|Coverity|Java|❌ (Proprietary)|❌ (Proprietary)|
-|Semgrep Community Edition|C, Java|✅|✅|
-|Snyk Code|C, Java|✅|❌ (Rate limited)|
-|Bearer|Java|✅|✅|
-|SpotBugs|Java|✅|✅|
-|Cppcheck|C|✅|✅|
+|SAST Tool|Languages|Maintained|Continuous Testing|Last Test Date|
+|:---:|:---:|:---:|:---:|:---:|
+|Coverity|Java|❌<br>(Proprietary)|❌<br>(Proprietary)|October 2025|
+|Semgrep Community Edition|C/C++, Java|✅|✅|[Latest PR](https://github.com/OPPIDA/CodeSecTools/actions/workflows/ci.yaml)|
+|Snyk Code|C/C++, Java|✅|❌<br>(Rate limited)|November 2025|
+|Bearer|Java|✅|✅|[Latest PR](https://github.com/OPPIDA/CodeSecTools/actions/workflows/ci.yaml)|
+|SpotBugs|Java|✅|✅|[Latest PR](https://github.com/OPPIDA/CodeSecTools/actions/workflows/ci.yaml)|
+|Cppcheck|C/C++|✅|✅|[Latest PR](https://github.com/OPPIDA/CodeSecTools/actions/workflows/ci.yaml)|
 
 ## Usage
 

docs/sast/profiles/bearer.yaml

@@ -2,7 +2,7 @@ name: Bearer
 description: Bearer is a static application security testing (SAST) tool designed to scan your source code and analyze data flows to identify, filter, and prioritize security and privacy risks.
 type: Data Flow Analysis (Source code)
 url: https://github.com/Bearer/bearer
-supported_version: 1.151.0
+supported_version: 1.51.1
 supported_languages:
   - Java
 legal:

docs/sast/profiles/semgrepce.yaml

@@ -2,7 +2,7 @@ name: Semgrep Community Edition
 description: Semgrep is a fast, open-source, static analysis tool that searches code, finds bugs, and enforces secure guardrails and coding standards. Semgrep supports 30+ languages and can run in an IDE, as a pre-commit check, and as part of CI/CD workflows.
 type: Pattern matching
 url: https://github.com/semgrep/semgrep
-supported_version: 1.128.1
+supported_version: 1.143.0
 supported_languages:
   - C/C++
   - Java

docs/sast/profiles/snykcode.yaml

@@ -2,7 +2,7 @@ name: Snyk Code
 description: Snyk Code is a developer-first static application security testing (SAST) solution. By scanning code in real-time and providing actionable insights directly in the developer workflow across IDEs, repositories, and CI/CD pipelines, you can identify and address vulnerabilities early on. The AI-based engine results in fewer false positives for your developers, improving code quality and security.
 type: Data Flow Analysis (Source code)
 url: https://docs.snyk.io/scan-with-snyk/snyk-code
-supported_version: 1.1298.3
+supported_version: 1.1301.0
 supported_languages:
   - C/C++
   - Java

docs/sast/profiles/spotbugs.yaml

@@ -2,7 +2,7 @@ name: SpotBugs
 description: SpotBugs is a program which uses static analysis to look for bugs in Java code. SpotBugs is a fork of FindBugs (which is now an abandoned project), carrying on from the point where it left off with support of its community.
 type: Data Flow Analysis (Compiled code)
 url: https://github.com/spotbugs/spotbugs
-supported_version: 4.9.7
+supported_version: 4.9.8
 supported_languages:
   - Java
 legal:

tests/Dockerfile

@@ -48,7 +48,7 @@ RUN pip install --no-cache semgrep
 # Bearer
 RUN curl -sfL https://raw.githubusercontent.com/Bearer/bearer/main/contrib/install.sh | BINDIR=/usr/bin sh
 # SpotBugs
-RUN curl -sL https://github.com/spotbugs/spotbugs/releases/download/4.9.7/spotbugs-4.9.7.tgz | tar -xzvf - && \
+RUN curl -sL https://github.com/spotbugs/spotbugs/releases/download/4.9.8/spotbugs-4.9.8.tgz | tar -xzvf - && \
     mv spotbugs-* /tmp/spotbugs
 ENV PATH="/tmp/spotbugs/bin:$PATH"
 # Cppcheck