Introduction
Static Application Security Testing (SAST) analyzes your source code, without executing it, to identify vulnerabilities. This guide explains how to start and complete a SAST scan of repositories hosted on version control platforms such as GitHub, GitLab, and Bitbucket.
Prerequisites:
- You are signed in to CloudDefense.ai. If not, see our guide on creating a CloudDefense.ai account.
- You have access to the repository on the version control platform you want to scan. Administrative privileges on that repository are needed to configure scans.
Step 1: Click “Applications” in the navigation bar.
Step 2: Click the green “SCAN” button on the left side of the page and choose a version control platform. This guide uses “GitHub” for the remaining steps.
Scan Public Repositories:
Step 1: Add Repositories
Follow this flow:
- Enter the URL of each repository you want to scan.
- Press Enter.
- Click “Select branch” and choose the branches to scan from the list that appears.
- Click the green “Scan repo” button to begin scanning the selected repositories.
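Before pasting repository URLs into the scan form, it is worth sanity-checking them, because a URL copied from a browser often points at a branch or file rather than the repository root, and a URL copied from a clone command may carry a token. The script below is an added example and is not CloudDefense.ai code: it normalizes GitHub, GitLab and Bitbucket URLs to the repository root, rewrites SSH clone addresses to HTTPS, trims a `/tree/<branch>`, `/-/…` or `/src/<branch>` suffix (the branch is chosen separately in Step 1), and rejects URLs that embed credentials, use plain HTTP, or name an unsupported host. The accepted hosts and the expectation that the form wants an HTTPS repository-root URL are assumptions about the form, and every organization, repository and token name in the sample input is constructed.

```python
"""Pre-flight check for repository URLs before pasting them into a scan form.

Added example, not CloudDefense.ai code. Assumption: the form expects the HTTPS
URL of the repository root on github.com, gitlab.com or bitbucket.org, and the
branch is chosen separately in the form rather than encoded in the URL.
"""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple
from urllib.parse import urlparse

# The three platforms named in the guide (assumption: cloud-hosted instances only).
KNOWN_HOSTS = {"github.com": "GitHub", "gitlab.com": "GitLab", "bitbucket.org": "Bitbucket"}

# Path segments that start a branch/file path: GitHub /tree/<branch> and
# /blob/<branch>, GitLab /-/..., Bitbucket /src/<branch>.
PATH_MARKERS = {"tree", "blob", "-", "src"}


class RepoUrlError(ValueError):
    """Raised for a URL that should not be pasted into the scan form as-is."""


@dataclass
class RepoRef:
    platform: str
    owner: str                   # user, org, workspace, or GitLab group path
    name: str
    url: str                     # canonical repository URL to paste
    note: Optional[str] = None   # set when something was trimmed from the input


def normalize_repo_url(raw: str) -> RepoRef:
    raw = raw.strip()
    # Accept the SSH clone form (git@host:owner/repo.git) by rewriting it to HTTPS.
    ssh = re.fullmatch(r"git@([^:/]+):(.+)", raw)
    if ssh:
        raw = f"https://{ssh.group(1)}/{ssh.group(2)}"
    parsed = urlparse(raw)
    if parsed.scheme != "https":
        raise RepoUrlError(f"expected an https:// URL, got {raw!r}")
    # A token or password in the URL would end up stored in the scan
    # configuration; never paste one into a web form.
    if parsed.username or parsed.password:
        raise RepoUrlError("URL embeds credentials; paste the bare repository URL")
    host = (parsed.hostname or "").lower()
    if host.startswith("www."):
        host = host[4:]
    if host not in KNOWN_HOSTS:
        raise RepoUrlError(f"unsupported host {host!r}; expected one of {sorted(KNOWN_HOSTS)}")
    parts = [p for p in parsed.path.split("/") if p]
    # Trim a branch or file path: the form asks for the branch separately.
    # Markers are only recognized after owner/repo (index >= 2); a GitLab
    # subgroup literally named "src" or "tree" would be mis-trimmed here.
    note = None
    for i, seg in enumerate(parts):
        if i >= 2 and seg in PATH_MARKERS:
            note = f"trimmed '/{'/'.join(parts[i:])}'; select the branch in the scan form"
            parts = parts[:i]
            break
    if len(parts) < 2:
        raise RepoUrlError(f"{raw!r} does not name an owner and a repository")
    if parts[-1].endswith(".git"):
        parts[-1] = parts[-1][:-4]
    owner, name = "/".join(parts[:-1]), parts[-1]
    return RepoRef(KNOWN_HOSTS[host], owner, name, f"https://{host}/{owner}/{name}", note)


def check_urls(lines: List[str]) -> Tuple[List[RepoRef], List[Tuple[str, str]]]:
    """Split pasted lines into repositories ready to scan and lines to fix first."""
    accepted, rejected = [], []
    for line in lines:
        if not line.strip():
            continue
        try:
            accepted.append(normalize_repo_url(line))
        except RepoUrlError as exc:
            rejected.append((line.strip(), str(exc)))
    return accepted, rejected


# Constructed sample input; every organization, repository and token is made up.
SAMPLE_URLS = [
    "https://github.com/example-org/vulnado-test/tree/main",
    "git@gitlab.com:example-group/sub/app.git",
    "https://bitbucket.org/example-ws/app/src/main/",
    "https://user:ghp_xxx@github.com/example-org/app",
    "http://github.com/example-org/app",
    "https://git.example.com/example-org/app",
]

if __name__ == "__main__":
    ok, bad = check_urls(SAMPLE_URLS)
    for ref in ok:
        print(f"scan  {ref.platform:<9} {ref.url}" + (f"  ({ref.note})" if ref.note else ""))
    for line, why in bad:
        print(f"fix   {line}: {why}")
```

Run it over the list you intend to paste; only the "scan" lines go into the form, and the "fix" lines tell you what to correct first (most often a stripped token or a self-hosted instance the form does not accept under this assumption).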
Step 2: Identify the SAST report
To view the results of your SAST scan, open the dropdown menu on the left side of the scanned application. The list contains every type of analysis available for that application; for SAST findings, select SAST, as shown in the following image.
Step 3: Review the Results
Once the scan completes, the interface shows a summary of the findings. To examine the individual vulnerabilities, click the project name (e.g., "vulnado-test") to open a detailed view of each finding.
For a full explanation of how to read SAST scan results, see the Results page.
To scan private repositories, see the guide on scanning private repositories.