This repository has been archived by the owner on Mar 20, 2024. It is now read-only.
JonZeolla edited this page Jan 1, 2020
Welcome to the easy_sast wiki! easy_sast is a Docker container for use in integration pipelines to submit an application's build artifacts to a static analysis tool. It was developed to serve as a build pattern for other containers meant to facilitate similar functionality, and it natively integrates with Veracode's Static Analysis product.
This code base was developed in line with the Rugged Manifesto. As such, it is:
- Simple to use: It contains intentionally limited dependencies and provides easy-to-use make commands for standard use cases.
- Easily configurable: Practical defaults are in place, but configuration options include a config file, environment variables, and CLI arguments.
- Clear and understandable code: Regular use of type hints, keyword arguments, and a normalized code style make understanding the code intent easy.
- Engineered to be robust: Error handling, automated security validation, and pervasive validation.
- 100% tested: 100% code coverage for unit tests on all commits.
- 100% consistently formatted: Linting of Docker, make, YAML, git commits, and Python on all commits.
See the Quickstart for more information on how to get started.