fossabot for SAST Security Review
fossabot is an AI Agent for code maintenance, including Static Application Security Testing (SAST). Customers typically configure SAST review on each code change, before it gets merged.
Review the Supported Ecosystems & Tools to ensure all of your programming languages are covered.
SAST Review in Pull Requests
fossabot can run a SAST review against the changed files within a Pull Request or Merge Request.

SAST review with executive summary and recommendations
Findings and recommendations are returned in a summary comment as well as on the relevant line when available.

Inline comment on file with a SAST issue
Block Issues with a Pre-Merge Check
A popular configuration is to enforce the SAST review as a pre-merge check.
This configuration cuts down on noise: when there are no findings, the PR simply gets a green check mark. Whether the check blocks merges is optional, however.

SAST review with 2 findings that need to be addressed
