# Sast options breakdown

- [GitLab Sast](#gitlab-sast)
- [ShiftLeftSecurity/sast-scan](#shiftleftsecuritysast-scan)
- [horusec](#horusec)

## Comparing languages

| Languages | GitLab | ShiftLeftSec | Horusec |
| ---- | -------- | -------- | -------- |
| .NET Core / Framework | X | | |
| Ansible | | X | |
| arm | | X | |
| aws | | X | |
| Apex | X | X | |
| C/C++ | X | | |
| credscan | | X | X |
| dart | | | X |
| depscan | | X | |
| Elixir | X | | |
| Go | X | X | X |
| Groovy | X | X | |
| Helm Charts | X | | |
| HTML | | | X |
| Java / Javascript | X | X | X |
| json | | X | X |
| Kotlin | X | X | X |
| Kubernetes manifests | X | X | X |
| Node.js | X | X | |
| Objective-C | X | | |
| PHP | X | X | X |
| psql | | X | |
| Python | X | X | X |
| React | X | | |
| Ruby | X | X | X |
| Rust | | X | |
| Scala | X | X | |
| Swift | X | | |
| TypeScript | X | | X |
| Terraform | | X | X |
| yaml | | X | |
| Apache Velocity | | X | |

## GitLab Sast

### how to use

```yaml
include:
  - template: Security/SAST.gitlab-ci.yml
```

### Pros

- is already included in our GitLab solution.
- as easy as adding a template to the `.gitlab-ci.yml` file.
- some features can be customized.

### Cons

- does not include the result in the MR.
- not all features are included in our GitLab version.
- not many programming languages to scan.

## ShiftLeftSecurity/sast-scan

### how to use

```console
docker run --rm -e "WORKSPACE=${PWD}" -v $PWD:/app shiftleft/scan scan --build
```

### Pros

- skip `--type` to enable auto-detection.
- easy to use in a pipeline.
- free open-source DevSecOps tool.

## horusec

### how to use

Has a CI stage for GitLab and other CI tools.

```yaml
stages:
  - security

horusec-security:
  stage: security
  image:
    name: horuszup/horusec-cli:latest
    entrypoint: [""]
  script:
    - /usr/local/bin/horusec-cli.sh -p="./" -e="true"
```

### Pros

- another free open-source DevSecOps tool :).
- has a manager where you can see all reports.

### Cons

- more complex to implement the full suite.
- login is not completely secure for the horusec-manager app.
- still in development.
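Since the GitLab SAST result is not shown in the MR, a practical follow-up is a job that reads the `gl-sast-report.json` the SAST template produces and fails the pipeline on findings at or above a chosen severity. The script below is an added example, not code from the page or from any of the three tools; it assumes only the GitLab security report layout (a top-level `vulnerabilities` list whose entries carry `severity`, `name` and `location.file`), and the sample report embedded in it is constructed.

```python
import json
import sys
# GitLab severity names, least to most severe.
SEVERITY_ORDER = ["Info", "Unknown", "Low", "Medium", "High", "Critical"]

def severity_rank(severity):
    """Rank of a severity string; unrecognised values count as Unknown."""
    if severity not in SEVERITY_ORDER:
        severity = "Unknown"
    return SEVERITY_ORDER.index(severity)

def blocking_findings(report, threshold="High"):
    """Findings from a GitLab-format report at or above `threshold`."""
    limit = severity_rank(threshold)
    return [v for v in report.get("vulnerabilities", [])
            if severity_rank(v.get("severity", "Unknown")) >= limit]

def summarize(findings):
    """One log line per finding: severity, rule name and file."""
    return ["{}: {} ({})".format(v.get("severity", "Unknown"),
                                 v.get("name", "unnamed"),
                                 v.get("location", {}).get("file", "?"))
            for v in findings]

def gate(report, threshold="High"):
    """Return (exit_code, summary_lines); exit code 1 blocks the pipeline."""
    findings = blocking_findings(report, threshold)
    return (1 if findings else 0), summarize(findings)

# Constructed sample in the GitLab report layout (not real scanner output).
SAMPLE_REPORT = {"vulnerabilities": [
    {"name": "Hardcoded credential", "severity": "Critical",
     "location": {"file": "src/db.py", "start_line": 12}},
    {"name": "Insecure temp file", "severity": "Medium",
     "location": {"file": "src/util.py", "start_line": 40}},
    {"name": "Weak hash", "severity": "High",
     "location": {"file": "src/auth.py", "start_line": 7}},
]}

if __name__ == "__main__":
    # Usage: python sast_gate.py [gl-sast-report.json] [threshold]
    if len(sys.argv) > 1:
        with open(sys.argv[1]) as fh:
            report = json.load(fh)
    else:
        report = SAMPLE_REPORT
    code, lines = gate(report, sys.argv[2] if len(sys.argv) > 2 else "High")
    print("\n".join(lines) or "no blocking findings")
    sys.exit(code)
```

Run it as a later stage with `needs: [sast]` and the report artifact so the MR pipeline goes red on Critical/High findings even though the MR widget does not show them.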