Analyzing HelloShiftLeft with NG SAST
This article shows how ShiftLeft CORE's NG SAST works using the HelloShiftLeft sample application.
Prerequisites
If you haven't already, install NG SAST.
To get HelloShiftLeft, you can clone its repo by running the following in the Terminal/Bash:

    git clone https://github.com/ShiftLeftSecurity/HelloShiftLeft.git
You must have the Java 8 SDK installed to use HelloShiftLeft.
Step 1: Build HelloShiftLeft
Build the HelloShiftLeft sample app using Maven (you can also use another build tool of your choice) by running:

    mvn clean package

If the build succeeds, the "BUILD SUCCESS" message is printed to the Terminal/Bash.
Step 2: Run NG SAST
To analyze the code for HelloShiftLeft with NG SAST, run:

    sl analyze --app HelloShiftLeft --wait --java target/hello-shiftleft-0.0.1.jar

You will see the following output:
Step 3: View your results
Per the instructions printed to the Terminal/Bash, open up the URL provided. This will bring you to the ShiftLeft Dashboard, where you will see a summary of the vulnerabilities identified.
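The three steps above can be wrapped in one script that checks the prerequisites first and stops with a clear message if the JDK is not version 8 or the build did not produce the JAR. This is an added example, not part of the original article or of ShiftLeft's tooling; the function names and the RUN_ANALYSIS switch are assumptions made for illustration, while the commands themselves are the ones given in the steps.

```shell
#!/usr/bin/env bash
# Added example: pre-flight checks around the clone / build / analyze steps.
# Function names and RUN_ANALYSIS are hypothetical, not ShiftLeft conventions.

APP_NAME="HelloShiftLeft"
JAR_PATH="target/hello-shiftleft-0.0.1.jar"

# Succeeds if a `javac -version` line reports JDK 8, e.g. "javac 1.8.0_292".
is_jdk8() {
  case "$1" in
    "javac 1.8."*) return 0 ;;
    *) return 1 ;;
  esac
}

# Prints the space-separated subset of the named tools that is not on PATH.
missing_tools() {
  missing=""
  for tool in "$@"; do
    command -v "$tool" >/dev/null 2>&1 || missing="$missing $tool"
  done
  printf '%s' "${missing# }"
}

run_analysis() {
  missing=$(missing_tools git mvn javac sl)
  [ -z "$missing" ] || { echo "missing tools: $missing" >&2; return 1; }
  # JDK 8 prints its version on stderr; the last line is the version itself.
  is_jdk8 "$(javac -version 2>&1 | tail -n 1)" \
    || { echo "Java 8 SDK required" >&2; return 1; }
  [ -d HelloShiftLeft ] \
    || git clone https://github.com/ShiftLeftSecurity/HelloShiftLeft.git \
    || return 1
  cd HelloShiftLeft || return 1
  mvn clean package || return 1
  # Do not submit anything if the build silently produced no artifact.
  [ -f "$JAR_PATH" ] || { echo "build did not produce $JAR_PATH" >&2; return 1; }
  sl analyze --app "$APP_NAME" --wait --java "$JAR_PATH"
}

# Run the pipeline only when asked, so the file can also be sourced.
if [ "${RUN_ANALYSIS:-0}" = "1" ]; then
  run_analysis
fi
```

Run it with RUN_ANALYSIS=1 set in the environment; without it the script only defines the functions.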