
Code (SAST) Issues


What are they?

SOOS supports ingesting SARIF output from any SAST or secret scanning tool of your choice that can generate SARIF. Source code issues from the SARIF output are created as SOOS Code Issues, shown under your SOOS project, and reflected in the dashboard statistics.

Code issue details include a description of the code issue and the locations where it was identified, with file and line information.



How does that affect my code?

These Code Issues can be wide-ranging, from code style problems to performance problems to code security issues, depending on your SAST tool choice. Because SAST tools are run early in the development process, they are a great way to identify potential security flaws and areas of weakness early. Identifying these issues allows for proactive correction to ensure code security and compliance with standards.

What can I do about it?

Follow the solution recommendations provided in the Code Issue details displayed in the SOOS app. Links to external references are provided for most Code Issues so that users can research further.

What about "In Code Suppressions"?

Many SAST tools include in their output issues that have been suppressed in code. When SOOS encounters these issues, they will be included, but will automatically be put in the Creating Issue Suppressions & Attestations workflow with any attestation details that are provided.
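
To check before upload which results in a SARIF file carry in-code suppressions and what file and line information they expose, the following added example (not SOOS code and not a description of SOOS's ingestion logic) reads the standard SARIF 2.1.0 fields `results[].locations[].physicalLocation` and `results[].suppressions[]`. The sample document, tool name, rule IDs and the `summarize` helper are constructed for illustration.

```python
import json

# Constructed SARIF 2.1.0 sample for illustration (not real scanner output).
SAMPLE_SARIF = json.dumps({
    "version": "2.1.0",
    "runs": [{
        "tool": {"driver": {"name": "example-sast"}},
        "results": [
            {"ruleId": "hardcoded-secret", "level": "error",
             "message": {"text": "Hard-coded credential"},
             "locations": [{"physicalLocation": {
                 "artifactLocation": {"uri": "src/db.py"},
                 "region": {"startLine": 12}}}]},
            {"ruleId": "weak-hash", "level": "warning",
             "message": {"text": "MD5 used for hashing"},
             "locations": [{"physicalLocation": {
                 "artifactLocation": {"uri": "src/cache.py"},
                 "region": {"startLine": 40}}}],
             "suppressions": [{"kind": "inSource",
                               "justification": "cache key only"}]},
        ],
    }],
})


def summarize(sarif_text):
    """Return one dict per SARIF result with location and suppression info."""
    findings = []
    for run in json.loads(sarif_text).get("runs", []):
        tool = run.get("tool", {}).get("driver", {}).get("name", "unknown")
        for res in run.get("results", []):
            locs = []
            for loc in res.get("locations", []):
                phys = loc.get("physicalLocation", {})
                uri = phys.get("artifactLocation", {}).get("uri", "?")
                locs.append((uri, phys.get("region", {}).get("startLine")))
            # SARIF marks a suppression written in the code as kind "inSource".
            in_src = [s for s in res.get("suppressions", [])
                      if s.get("kind") == "inSource"]
            findings.append({
                "tool": tool, "rule": res.get("ruleId"),
                "level": res.get("level"),
                "message": res.get("message", {}).get("text", ""),
                "locations": locs,
                "suppressed_in_source": bool(in_src),
                "justifications": [s["justification"] for s in in_src
                                   if "justification" in s],
            })
    return findings
```

Call `summarize()` on the text of your scanner's SARIF file; results with `suppressed_in_source` set are the ones that carry an in-code suppression, and `justifications` holds any justification text the tool recorded for them.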
