How do you integrate a static security analysis tool into the CI/CD pipeline

This page summarizes the projects mentioned and recommended in the original post on /r/devops
QA Tools Code Analysis Eslint Sonarqube JavaScript

SurveyJS
Our great sponsors
  • SurveyJS - Open-Source JSON Form Builder to Create Dynamic Forms Right in Your App
  • InfluxDB - Power Real-Time Data Analytics at Scale
  • WorkOS - The modern identity platform for B2B SaaS
Our great sponsors

  • eslint-plugin-security

    ESLint rules for Node Security

    • ESLint. A lot of the rules are more stylistic, but there are some performance and security related checks. There are plugins (of various stability and quality), like eslint-plugin-security.

  • SonarQube

    Continuous Inspection

    • There are commercial tools that can be integrated into a CI pipeline and/or a developer's IDE. I've used SonarQube before, but there are others.

  • SurveyJS

    Open-Source JSON Form Builder to Create Dynamic Forms Right in Your App. With SurveyJS form UI libraries, you can build and style forms in a fully-integrated drag & drop form builder, render them in your JS app, and store form submission data in any backend, inc. PHP, ASP.NET Core, and Node.js.

    SurveyJS logo

  • ESLint

    Find and fix problems in your JavaScript code.

    • ESLint. A lot of the rules are more stylistic, but there are some performance and security related checks. There are plugins (of various stability and quality), like eslint-plugin-security.

NOTE: The number of mentions on this list indicates mentions on common posts plus user suggested alternatives. Hence, a higher number means a more popular project.

Suggest a related project

Related posts