Code Analysis

Static Application Security Testing (SAST)

SAST tools scan our code repositories to find vulnerabilities and security issues statically, that is, the code is analysed and assessed without being executed. At the moment, Rocket.Chat uses GitHub's CodeQL for all public repositories and is evaluating Semgrep for private repositories.

Secrets Scanning

Secrets scanning prevents secrets (credentials, tokens, keys) from being added to our code repositories and detects secrets that have already been committed. At the moment, Rocket.Chat uses GitHub's secret scanning for all public repositories and is evaluating TruffleHog for private repositories.

Software Composition Analysis (SCA)

SCA, or dependency scanning, finds and helps us mitigate known security issues in the third-party libraries and dependencies used by our code. At the moment, Rocket.Chat uses GitHub's Dependabot for both public and private repositories.