Skip to content

Source Code Scanners (SAST)


SAST scanners analyze an application's source code without executing it, comprehensively examining each line and identifying potential security flaws, such as injection vulnerabilities, insecure configurations, or authentication weaknesses. By scanning the source code directly, SAST tools can uncover vulnerabilities early in the development lifecycle, enabling proactive remediation and reducing the likelihood of security breaches in production environments.

BoostSecurity offers a suite of SAST scanners tailored to different programming languages and frameworks, providing comprehensive coverage across diverse technology stacks. These scanners integrate seamlessly into the CI/CD pipeline, automatically analyzing code changes and providing actionable insights to developers within their familiar development environments.

Scanner registry_module name Pull Request Flow Configuration Description
BoostSecurity Scanner boostsecurityio/boostsecurity-scanner yes - The BoostSecurity provided scanner, which leverages several open source and homegrown security checks with curated rules. Supports scanning for multiple languages
Brakeman boostsecurityio/brakeman yes - The Brakeman module scans Ruby source code for vulnerabilities, leveraging the latest version of brakeman from presidentbeef/brakeman
Checkov boostsecurityio/checkov yes - The Checkov module scans source code for vulnerabilities, leveraging the checkov scanner from bridgecrew/checkov
Semgrep boostsecurityio/semgrep yes - The Semgrep module scans source code for vulnerabilities, supporting various programming languages. The module leverages semgrep version 0.112 from returntocorp/semgrep
GoSec boostsecurityio/gosec yes - The GoSec module scans source code for vulnerabilities, for GoLang programming language. The module leverages gosec from securego/gosec
CodeQL boostsecurityio/codeql yes CODEQL_LANGUAGE The CodeQL module scans source code for vulnerabilities, supporting various programming languages. The module leverages CodeQL from Github. The environment variable CODEQL_LANGUAGE needs to be set to the programming language being scanned.