
SAST

Static Application Security Testing (SAST) analyzes your application's source code before it runs — catching vulnerabilities, coding flaws, and security misconfigurations early in the development cycle, before they reach production.

OpsMx Delivery Shield natively integrates with CI/CD tools such as Jenkins, GitHub Actions, and GitLab. Whenever a stage in the CI/CD pipeline is triggered, OpsMx also triggers the automated security scans defined within that stage.

How It Works

OpsMx SAST leverages open-source tools Semgrep and SonarQube to provide lightweight, fast, and customizable static analysis designed for developers and security professionals.

When a pipeline stage is triggered, Delivery Shield:

  1. Connects to your repository via the integrated CI/CD tool

  2. Scans the source code using Semgrep and/or SonarQube rule sets

  3. Analyzes findings against your defined security policies

  4. Reports vulnerabilities categorized by severity and confidence

  5. Blocks or flags the release depending on your policy configuration
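An illustration of steps 3 to 5 in code, added here and not part of Delivery Shield or Semgrep: it categorizes Semgrep `--json` findings by severity and confidence and applies a simple block-or-flag policy. The report, rule IDs and policy thresholds are constructed; only the result shape (`results[].extra.severity`, `extra.metadata.confidence`) follows Semgrep's JSON output.

```python
import json
from collections import Counter

# Constructed sample in the shape of `semgrep --json` output (not a real scan;
# rule IDs are made up for illustration).
SAMPLE_REPORT = json.dumps({"results": [
    {"check_id": "python.example.tainted-sql-string",
     "path": "app/db.py", "start": {"line": 42},
     "extra": {"severity": "ERROR", "message": "User input reaches SQL string",
               "metadata": {"confidence": "HIGH"}}},
    {"check_id": "python.example.eval-detected",
     "path": "app/util.py", "start": {"line": 7},
     "extra": {"severity": "WARNING", "message": "Detected eval()",
               "metadata": {"confidence": "LOW"}}},
    {"check_id": "python.example.open-never-closed",
     "path": "app/io.py", "start": {"line": 3},
     "extra": {"severity": "INFO", "message": "File handle never closed",
               "metadata": {}}},
]})

# Map Semgrep's severity levels onto the dashboard categories named on this page.
SEVERITY_MAP = {"ERROR": "High", "WARNING": "Medium", "INFO": "Low"}

# Example policy (assumed): block when any Critical/High finding has at least
# MEDIUM confidence; everything else is flagged but does not stop the release.
POLICY = {"block_severities": {"Critical", "High"},
          "block_min_confidence": "MEDIUM"}
CONFIDENCE_RANK = {"LOW": 0, "MEDIUM": 1, "HIGH": 2}

def categorize(report_json):
    """Return findings as (severity, confidence, rule, path, line) tuples."""
    findings = []
    for r in json.loads(report_json)["results"]:
        extra = r.get("extra", {})
        sev = SEVERITY_MAP.get(extra.get("severity", "INFO"), "Low")
        conf = extra.get("metadata", {}).get("confidence", "LOW").upper()
        findings.append((sev, conf, r["check_id"], r["path"], r["start"]["line"]))
    return findings

def evaluate(findings, policy=POLICY):
    """Apply the policy: 'block' if any finding meets both thresholds, else 'flag'."""
    floor = CONFIDENCE_RANK[policy["block_min_confidence"]]
    blocking = [f for f in findings
                if f[0] in policy["block_severities"]
                and CONFIDENCE_RANK.get(f[1], 0) >= floor]
    summary = Counter(f[0] for f in findings)  # counts per severity category
    return ("block" if blocking else "flag"), dict(summary), blocking

if __name__ == "__main__":
    print(evaluate(categorize(SAMPLE_REPORT)))
```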

Viewing SAST Results

Once a scan completes, results are available in the Delivery Shield dashboard:

  • Navigate to the Source Scan section of your Application

  • View findings organized by severity (Critical, High, Medium, Low) and confidence level

  • Drill into individual findings to see the affected file, line number, and rule triggered

  • Track remediation status across environments from a centralized view

SAST scan findings are also incorporated into your application's overall security score and reflected in the Delivery Bill of Materials (DBOM).

Remediation

When vulnerabilities are detected, Delivery Shield provides:

  • Inline suggestions with remediation guidance per finding

  • AI-powered remediation that generates recommendations for upgrading insecure dependencies and suggests alternatives to vulnerable libraries

  • Automated pull requests to apply fixes directly in the repository (where configured)

Supported Languages & Frameworks

SAST in Delivery Shield supports 20+ programming languages including Python, JavaScript, Java, Go, and Ruby, with framework-specific rules for React, Flask, and Django, plus a rich library of rules from the open-source community.
