Sasty is an ncurses interface for reading GitLab's SAST reports.
Sasty supports the following static analyzers on GitLab CI:
- Semgrep
- Flawfinder
Note for GitHub users: development happens on GitLab, so please submit any issues or merge requests there.
Sasty depends on:
- gcc (gentoo: sys-devel/gcc, debian/ubuntu: gcc)
  - Note that you can use another compiler with the CC variable.
- make (gentoo: sys-devel/make, debian/ubuntu: make)
- pkg-config (gentoo: dev-util/pkgconf, debian/ubuntu: pkg-config)
- ncurses (gentoo: sys-libs/ncurses, debian/ubuntu: libncursesw5-dev)
- json-c (gentoo: dev-libs/json-c, debian/ubuntu: libjson-c-dev)
make # build with gcc
# make CC=clang # build with clang instead
sudo make install # will install in /usr/local/bin
# make install PREFIX=~/ # will install instead in ~/bin
sasty [-h|--help] <file>
Brings a ncurses interface to inspect Gitlab's SAST reports.
You must provide a path to a downloaded JSON report.
If you execute sasty within the analyzed codebase's directory,
you will see snippets of the code related to each report. You
must be at the root of that directory for this to happen.
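
The root-directory requirement above, shown as an added example in Python (not Sasty's own code, which is C). It assumes the GitLab SAST report layout of a top-level `vulnerabilities` array whose entries carry `location.file` and `location.start_line`; the function names and sample data are constructed, and the check that rejects paths resolving outside the root is this example's own, not a documented Sasty behaviour.

```python
import json
import os
import tempfile

def load_findings(report_path):
    """Return the 'vulnerabilities' array of a GitLab SAST JSON report."""
    with open(report_path, encoding="utf-8") as fh:
        return json.load(fh).get("vulnerabilities", [])

def snippet(finding, root=".", context=1):
    """Return numbered source lines for a finding, or None if unavailable."""
    loc = finding.get("location", {})
    rel, start = loc.get("file"), loc.get("start_line")
    if not rel or not isinstance(start, int):
        return None
    root = os.path.realpath(root)
    path = os.path.realpath(os.path.join(root, rel))
    # location.file is relative to the repository root, so it only resolves
    # from there. The report is input: refuse paths that escape the root.
    if os.path.commonpath([root, path]) != root or not os.path.isfile(path):
        return None
    end = loc.get("end_line") or start
    with open(path, encoding="utf-8", errors="replace") as fh:
        lines = fh.read().splitlines()
    lo, hi = max(start - context, 1), min(end + context, len(lines))
    return [f"{n:>4} {lines[n - 1]}" for n in range(lo, hi + 1)]

def demo():
    """Build a constructed codebase and report, then resolve snippets."""
    root = tempfile.mkdtemp()
    os.mkdir(os.path.join(root, "src"))
    with open(os.path.join(root, "src", "main.c"), "w") as fh:
        fh.write("#include <string.h>\nvoid f(char *s) {\n  char b[8];\n  strcpy(b, s);\n}\n")
    report = {"version": "15.0.0", "vulnerabilities": [  # constructed sample
        {"name": "strcpy", "severity": "High", "scanner": {"id": "flawfinder"},
         "location": {"file": "src/main.c", "start_line": 4, "end_line": 4}},
        {"name": "escape", "severity": "Low", "scanner": {"id": "semgrep"},
         "location": {"file": "../../etc/hostname", "start_line": 1}}]}
    report_path = os.path.join(root, "gl-sast-report.json")
    with open(report_path, "w") as fh:
        json.dump(report, fh)
    findings = load_findings(report_path)
    return ([snippet(f, root) for f in findings],                     # at the root
            [snippet(f, os.path.join(root, "src")) for f in findings])  # in a subdirectory

if __name__ == "__main__":
    print(demo())
```

From the root, the first finding resolves to three numbered lines around `strcpy`; from `src/` the same report yields no snippets because `src/main.c` no longer resolves.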
Note that this is the first time I have published an ncurses program, so I have no clue if this will be cross-platform. If it doesn't build on your platform, please let me know in the issues.