
Code Scanning

FirstMate scans your code for security issues with trusted open-source static analyzers. To trigger a scan, open a new pull request; the findings of these tools are included in the pull request analysis.

At the moment, the following tools are enabled by default: Bearer and Checkov.


Scanning with Bearer

Bearer is a static application security testing (SAST) tool that scans your source code and analyzes its data flows to discover, filter and prioritize security and privacy risks. It uses built-in rules covering the OWASP Top 10 and the CWE Top 25.

Bearer currently supports JavaScript, TypeScript, Ruby, Java, Python, Go and PHP, together with the most commonly used frameworks and libraries for each of these languages.

Only findings rated 'critical' or 'high' are included by default. Bearer also rates findings as medium, low and warning; those lower severities are not reported in the pull request analysis unless you change the default.

IaC scanning with Checkov

Checkov provides a single command-line interface for running and analyzing infrastructure-as-code (IaC) scans across platforms such as Terraform, CloudFormation, Kubernetes, Helm, ARM templates and the Serverless Framework.