Security

AST

AST

AST: Application Security Testing, 静态应用程序安全测试, 对应用程序源代码执行直接的白盒分析.

SAST

SAST: Static Application Security Testing

Tools: SonarQube, Trivy, Coverity.

gitlab SAST report. gitlab secret detection report.

https://github.com/aquasecurity/trivy

https://scan.coverity.com/

DAST

DAST: Dynamic Application Security Testing,动态应用程序安全测试, 对应用程序进行黑盒分析.

Tools:

ZAP Scan(OWASP ZAP)

synopsys WhiteHat Sentinel.

gitlab DAST report.

IAST

IAST: Interactive Application Security Testing,交互式应用程序安全测试, 结合了SAST和DAST的优点.

SCA

SCA: Software Composition Analysis.

SBOM (software Bill of Materials),开源组件安全扫描

Tools: BlackDuck, Jfrog Xray.

gitlab dependency scanning report.

© 2013 - 2025 Morgoth
Designed by Canux