SAST Support
complete
Elliot Huffman
Have a security check that sees if SAST is set up for a project (e.g. CodeQL or ESLint with security checks). Scores can differ for certain types of checks, e.g. CodeQL is better than ESLint for security checks.
Also detect the type of CodeQL config that is used: are the strong rules enabled, or is only the default used?
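One way to implement the check described in this request, as an added Python example (not Socket's code, nor the requester's): it looks for a CodeQL init step and its `queries` suite in a GitHub Actions workflow, and for eslint-plugin-security in a package.json, then scores the strongest finding. The sample inputs and the 0 to 3 scoring scale are constructed assumptions; the suite names `security-extended` and `security-and-quality` are CodeQL's real names.

```python
import json
import re
from dataclasses import dataclass
from typing import Optional

# Constructed sample inputs (not taken from any real repository).
WORKFLOW_CODEQL = """
name: CodeQL
on: [push, pull_request]
jobs:
  analyze:
    steps:
      - uses: actions/checkout@v4
      - uses: github/codeql-action/init@v3
        with:
          languages: javascript
          queries: security-extended
      - uses: github/codeql-action/analyze@v3
"""
PACKAGE_JSON_ESLINT = '{"devDependencies": {"eslint": "^9.0.0", "eslint-plugin-security": "^3.0.0"}}'

# Stronger CodeQL suites than the default; scores are an assumed scale.
CODEQL_SUITES = {"security-extended": 3, "security-and-quality": 3}

@dataclass
class SastResult:
    tool: str
    detail: str
    score: int  # assumed scale: 0 none, 1 ESLint security, 2 CodeQL default, 3 CodeQL strong suite

def check_codeql(workflow_text: str) -> Optional[SastResult]:
    """Detect a CodeQL init step and which query suite it selects."""
    if not re.search(r"uses:\s*github/codeql-action/init@", workflow_text):
        return None
    # A leading '+' means "add to the default suite"; strip it before matching.
    m = re.search(r"^\s*queries:\s*\+?([^\s#]+)", workflow_text, re.MULTILINE)
    if m is None:
        return SastResult("codeql", "default query suite only", 2)
    suite = m.group(1)
    if suite in CODEQL_SUITES:
        return SastResult("codeql", f"query suite {suite}", CODEQL_SUITES[suite])
    return SastResult("codeql", f"custom queries {suite}", 2)  # unknown strength, treat as default

def check_eslint(package_json_text: str) -> Optional[SastResult]:
    """Detect eslint-plugin-security among the declared dependencies."""
    try:
        pkg = json.loads(package_json_text)
    except json.JSONDecodeError:
        return None
    deps = {**pkg.get("dependencies", {}), **pkg.get("devDependencies", {})}
    return SastResult("eslint", "eslint-plugin-security present", 1) if "eslint-plugin-security" in deps else None

def assess(workflow_text: str, package_json_text: str) -> SastResult:
    """Return the strongest SAST setup found, or a zero-score result if none."""
    best = SastResult("none", "no SAST configuration found", 0)
    for result in (check_codeql(workflow_text), check_eslint(package_json_text)):
        if result is not None and result.score > best.score:
            best = result
    return best
```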
Feross Aboukhadijeh (Socket) marked this post as complete
Socket supports SAST now!
https://socket.dev/blog/socket-basics
Socket Basics brings all the core security checks together — static analysis, secrets detection, container scanning, and CVE vulnerability scanning — into one simple platform. It gives you a single view of your application’s risk across every important layer, without having to stitch together multiple systems.
Static analysis finds insecure code patterns before they cause real problems — things like command injection, unsafe deserialization, or misuse of dangerous APIs.
Socket Basics supports 14 programming languages out of the box. It ships with proven rulesets for common vulnerabilities and lets you add community or custom rules as needed. That means you get meaningful results on day one, with room to adapt to your own codebase over time.
Feross Aboukhadijeh (Socket) marked this post as planned