Priority: Medium
OpenSSF Scorecard Finding: SAST (0/10)
Risk Level: Medium
Description
The OpenSSF Scorecard SAST check found no evidence that recent commits or merged pull requests are analyzed by a Static Application Security Testing (SAST) tool. SAST tools scan source code automatically and flag common vulnerability patterns (injection, unsafe deserialization, hard-coded credentials, insecure shell usage) before the code is merged.
Recommendation
Implement SAST scanning by adding one or more of:
- GitHub CodeQL for security analysis
- Semgrep for custom security rules
- Bandit (for Python code, if applicable)
- ShellCheck (for shell scripts)
These should run on every pull request and on every push to the main branches, and findings should fail the check so they are not silently ignored. Note that Scorecard only credits a fixed set of recognized tools (CodeQL integrated through the github/codeql-action workflow is the most common); Bandit and ShellCheck improve the project's security but on their own will not raise this score.
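A GitHub Actions workflow that satisfies this recommendation, added here as an example and not taken from the project's own repository. It assumes the default branch is `main` and that the code base contains Python and JavaScript/TypeScript; change the `language` matrix to match the actual repository. The CodeQL job is what Scorecard detects; the Semgrep job is an additional layer using the public `p/default` ruleset and exits non-zero on findings.

```yaml
# .github/workflows/sast.yml (example, not the project's own workflow)
name: SAST

on:
  push:
    branches: [ "main" ]        # assumption: default branch is "main"
  pull_request:
    branches: [ "main" ]
  schedule:
    - cron: "17 3 * * 1"        # weekly run picks up new CodeQL queries

permissions:
  contents: read

jobs:
  codeql:
    name: CodeQL
    runs-on: ubuntu-latest
    permissions:
      contents: read
      actions: read             # required for private repositories
      security-events: write    # lets the action upload SARIF to code scanning
    strategy:
      fail-fast: false
      matrix:
        # assumption: repository languages; adjust to the real code base
        language: [ "python", "javascript-typescript" ]
    steps:
      - uses: actions/checkout@v4

      - name: Initialize CodeQL
        uses: github/codeql-action/init@v3
        with:
          languages: ${{ matrix.language }}
          # the extended suite adds lower-precision security queries
          queries: security-extended

      # Builds compiled languages; a no-op for interpreted ones
      - name: Autobuild
        uses: github/codeql-action/autobuild@v3

      - name: Perform CodeQL analysis
        uses: github/codeql-action/analyze@v3
        with:
          category: "/language:${{ matrix.language }}"

  semgrep:
    name: Semgrep
    runs-on: ubuntu-latest
    container:
      image: semgrep/semgrep
    steps:
      - uses: actions/checkout@v4

      # --error makes the job fail when any finding matches, so results
      # block the PR instead of being buried in the log
      - name: Run Semgrep
        run: semgrep scan --config p/default --error
```

Enable "Require status checks to pass" for both jobs in the branch protection rules of `main`, otherwise a failing scan can still be merged. For repositories with a non-standard build, replace the `autobuild` step with the project's real build commands between `init` and `analyze`.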
References