This commit introduces the OpenSslLegacyShim class, which sets the LD_LIBRARY_PATH environment variable to include the directory containing OpenSSL 1.1 native libraries. This is necessary for Mongo2Go to function correctly on Linux platforms that do not ship these libraries by default. The shim checks if the current operating system is Linux and whether the required directory exists before modifying the environment variable.

# SAST (Application Code Scanning)

## StellaOps implementation
- No first-party SAST engine; platform focuses on deterministic SBOM, vulnerability ingestion, and policy evaluation rather than static code analysis.

## Trivy implementation
- Trivy does not ship a SAST analyzer; scanning targets container images, filesystems, SBOMs, and misconfiguration/secret detection only.

## Grype implementation
- Grype is limited to SBOM-driven vulnerability matching; static code analysis is out of scope.

## Snyk implementation
- The CLI routes SAST requests through Snyk Code (`snyk code test`), leveraging the SAST plugin stack under `src/lib/plugins/sast` and emitting SARIF/JSON outputs.[s1]
- Code is uploaded to Snyk’s SaaS backend for analysis, producing issue listings, severities, and remediation guidance; offline execution is unsupported.[s2]

## Key differences
- Only Snyk provides integrated SAST capabilities via Snyk Code; StellaOps, Trivy, and Grype would require external tooling for static analysis.

### References
- [s1] `/tmp/snyk-cli/src/lib/plugins/sast`
- [s2] `/tmp/snyk-cli/README.md`