Comprehensive security scanning - SAST, SCA, secrets, IaC, and license detection
We’ve launched comprehensive security scanning for your repositories. Sourcery now scans for vulnerabilities across your code, dependencies, infrastructure, and secrets - all visible in the Sourcery dashboard.
Security Scanning
Sourcery now provides comprehensive security scanning across multiple dimensions:
- SAST (Static Application Security Testing) - Detect security vulnerabilities in your source code, including injection flaws, authentication issues, and other common security anti-patterns.
- SCA (Software Composition Analysis) - Scan your dependencies for known vulnerabilities with CVE tracking, powered by Trivy.
- Exposed Secrets Detection - Find accidentally committed secrets, API keys, and credentials in your codebase.
- IaC (Infrastructure as Code) Scanning - Identify misconfigurations and security issues in your Terraform, CloudFormation, and other IaC files.
- Open Source License Scanning - Detect the licenses of your dependencies and flag any that may require legal review or are incompatible with your project.
Security issues can be displayed as blocking check statuses on pull requests, giving you control over your security workflow. The dashboard shows detailed issue information including CVE descriptions, syntax-highlighted code snippets, and dependency graphs.
Jira Integration
- You can now automatically create Jira issues from security issues found in your code. Connect your Jira account in the dashboard to get started.
Review Improvements
- When a code review comment is dismissed, the review now includes a link to it, making it easier to track resolved issues.
- Re-reviews automatically resolve comments and post new security review comments as needed.
IDE Chat
- Fixed a security issue where malicious markdown images could be rendered in the IDE chat. Images in chat responses are now hidden for security reasons. Thanks to Maximilian Hildebrand for responsibly reporting this issue.
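The fix above works because a markdown renderer fetches every image URL it is asked to draw, so untrusted text in a chat response can make the client issue requests it never intended. As an added example (not Sourcery's code, and not how its IDE extension implements the fix), the following JavaScript shows one way a chat client can hide images before rendering: it replaces inline images, reference-style images and raw `<img>` tags with a visible placeholder while leaving fenced code blocks and inline code spans untouched, so a response that merely talks about image syntax still displays correctly. The regexes, placeholder format and sample response are constructed for this example.

```javascript
// Added example, not Sourcery's code: hide images in chat markdown before it is rendered.
// Inline images ![alt](url "title"), reference-style images ![alt][ref] and raw <img> tags
// are replaced with a visible placeholder; fenced code blocks and inline code spans pass
// through unchanged so code samples that mention image syntax are not mangled.

// Capturing group keeps the code segments in the array returned by split().
const CODE_SEGMENT = /(```[\s\S]*?```|`[^`\n]*`)/g;
const INLINE_IMAGE = /!\[([^\]]*)\]\(\s*<?[^)]*?>?\s*\)/g;
const REF_IMAGE = /!\[([^\]]*)\]\s*\[[^\]]*\]/g;
const HTML_IMG = /<img\b[^>]*>/gi;

// Placeholder shown to the user in place of the hidden image.
function placeholder(alt) {
  const label = alt && alt.trim() ? `: ${alt.trim()}` : '';
  return `[image hidden${label}]`;
}

// Strip image syntax from one non-code segment, counting what was removed.
function stripImagesFromText(text) {
  let removed = 0;
  const swap = (_match, alt) => {
    removed += 1;
    return placeholder(alt);
  };
  let out = text.replace(INLINE_IMAGE, swap);
  out = out.replace(REF_IMAGE, swap);
  out = out.replace(HTML_IMG, (match) => {
    const altMatch = /\balt\s*=\s*"([^"]*)"/i.exec(match);
    removed += 1;
    return placeholder(altMatch ? altMatch[1] : '');
  });
  return { text: out, removed };
}

// Sanitize a whole markdown response. After the split, odd-indexed parts are
// code (fenced blocks or inline spans) and are returned verbatim.
function hideMarkdownImages(markdown) {
  const parts = markdown.split(CODE_SEGMENT);
  let removed = 0;
  const cleaned = parts.map((part, i) => {
    if (i % 2 === 1) return part;
    const result = stripImagesFromText(part);
    removed += result.removed;
    return result.text;
  });
  return { text: cleaned.join(''), removed };
}

// Constructed sample chat response (not real data): one markdown image and one
// HTML img tag that must be hidden, plus code that merely shows image syntax.
const SAMPLE_RESPONSE = [
  'Here is the fix you asked for.',
  '![summary](https://example.invalid/track?q=secret)',
  '<img src="https://example.invalid/pixel.gif" alt="pixel">',
  '```markdown',
  '![logo](./logo.png)',
  '```',
  'Use `![alt](path)` to embed an image in a README.',
].join('\n');

const demo = hideMarkdownImages(SAMPLE_RESPONSE);
console.log(demo.text);
console.log(`images hidden: ${demo.removed}`);
```

The split-on-code approach is deliberate: sanitizing the code segments too would corrupt legitimate snippets, while skipping them is safe because a compliant renderer never turns code-span contents into a fetch. URLs containing unbalanced parentheses are the known limitation of the inline regex; a client that wants exact CommonMark behaviour should run this step on the parsed AST instead of the raw text.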