This article walks you through how ShiftLeft CORE's NG SAST works using the HelloShiftLeft sample application.
If you haven't already, install NG SAST.
To get HelloShiftLeft, clone its repo by running the following in the Terminal/Bash:
git clone https://github.com/ShiftLeftSecurity/HelloShiftLeft.git
You must have the Java 8 SDK installed to use HelloShiftLeft.
Step 1: Build HelloShiftLeft
Build the HelloShiftLeft sample app using Maven (you can also use another build tool of your choice) by running
mvn clean package
If the build is successful, the “BUILD SUCCESS” message is printed to the Terminal/Bash.
Step 2: Run NG SAST
To analyze the code for HelloShiftLeft with NG SAST, run
sl analyze --app HelloShiftLeft --wait --java target/hello-shiftleft-0.0.1.jar
You will see the following output:
Step 3: View Your Results
Per the instructions printed to the Terminal/Bash, open up the URL provided. This will bring you to the ShiftLeft Dashboard, where you will see a summary of the vulnerabilities identified.