Written code Scan (SAST)
We can start an online scan by clicking on the SCAN button on top right
We chose Github for this example. Once clicked, you get a repo to scan. For the demonstration purpose we take Vulnado.
We clone the repo and paste it like,
Hit the green plus sign and scan.
Scan with start
Once online scans finishes we get the result like following
Above picture shows that we scanned a project names “vulnado-test” which has our Code Analysis (SAST) and other scans. Let’s dive into that.
Once you click on it you will be redirected to a page like following
Which will contain the following information about your SAST scan
1) Project Scanned
Named of our current project. In this case vulnado-test
2) Scan Date
When scan was performed, on which date and at what time
3) User’s Email
Which user performed this scan? We show their email address
4) RuleId
Which rules matched our sets of backend rules. We show that
5) Vulnerable Code Snippet
Code block which is vulnerable
6) Rule description
More information about the ruleid
7) File Path
Vulnerable code file path
8) Filter Severity
- To filter your results based upon the criticality