All SAST
Initializes the All SAST module.
Modules:
| Name | Description |
|---|---|
cli |
Defines the command-line interface for running all available SAST tools. |
graphics |
Provides classes for generating plots and visualizations from aggregated SAST results. |
parser |
Provides classes for parsing and aggregating results from multiple SAST tools. |
report |
Defines the base report generation functionality for aggregated SAST results. |
sast |
Defines the logic for orchestrating multiple SAST tools together. |
Defines the command-line interface for running all available SAST tools.
Functions:
| Name | Description |
|---|---|
build_cli |
Build the Typer CLI for running all SAST tools. |
Attributes:
| Name | Type | Description |
|---|---|---|
REPORT_FORMATS |
|
Provides classes for generating plots and visualizations from aggregated SAST results.
Graphics(project_name: str)
Bases: CoreGraphics
Base class for generating plots for aggregated SAST results.
Attributes:
| Name | Type | Description |
|---|---|---|
project_name |
str
|
The name of the project being visualized. |
all_sast |
AllSAST
|
The instance managing all SAST tools. |
output_dir |
Path
|
The directory containing the aggregated results. |
sast_color |
dict
|
A dictionary mapping SAST tool names to colors. |
sast_names |
list[str]
|
A list of names of the SAST tools involved in the analysis. |
plot_functions |
list
|
A list of methods responsible for generating plots. |
Initialize the Graphics object.
ProjectGraphics(project_name: str)
Bases: Graphics
Generate graphics for an aggregated analysis result of a single project.
Initialize the ProjectGraphics object.
Methods:
| Name | Description |
|---|---|
plot_overview |
Generate an overview plot with stats by files, SAST tools, and levels. |
plot_top_cwes |
Generate a stacked bar plot for the top CWEs found. |
plot_top_scores |
Generate a stacked bar plot for files with the highest scores. |
Attributes:
| Name | Type | Description |
|---|---|---|
result |
|
Generate an overview plot with stats by files, SAST tools, and levels.
Provides classes for parsing and aggregating results from multiple SAST tools.
AllSASTAnalysisResult(
name: str, analysis_results: dict[str, AnalysisResult]
)
Represent the aggregated results from multiple SAST analyses on a single project.
Initialize an AllSASTAnalysisResult instance.
Parameters:
| Name | Type | Description | Default |
|---|---|---|---|
|
str
|
The name of the project. |
required |
|
dict[str, AnalysisResult]
|
A dictionary of analysis results from various SAST tools. |
required |
Methods:
| Name | Description |
|---|---|
__repr__ |
Return a developer-friendly string representation of the aggregated result. |
load_from_output_dir |
Load and parse analysis results from all SAST tools for a given project. |
stats_by_files |
Calculate statistics on defects, grouped by file. |
stats_by_sasts |
Calculate statistics on defects, grouped by SAST tool. |
stats_by_levels |
Calculate statistics on defects, grouped by severity level. |
stats_by_cwes |
Calculate statistics on defects, grouped by CWE. |
stats_by_scores |
Calculate a risk score for each file based on defect data. |
prepare_report_data |
Prepare data needed to generate a report. |
Attributes:
| Name | Type | Description |
|---|---|---|
name |
|
|
source_path |
|
|
analysis_results |
|
|
lang |
|
|
sast_names |
|
|
files |
|
|
defects |
|
__repr__() -> str
Return a developer-friendly string representation of the aggregated result.
classmethod
Load and parse analysis results from all SAST tools for a given project.
stats_by_levels() -> dict
Calculate statistics on defects, grouped by severity level.
stats_by_scores() -> dict
Calculate a risk score for each file based on defect data.
Defines the base report generation functionality for aggregated SAST results.
Modules:
| Name | Description |
|---|---|
HTML |
Generates HTML reports for aggregated SAST analysis results. |
SARIF |
Generates SARIF reports for aggregated SAST analysis results. |
Bases: ABC
Abstract base class for report generation.
Attributes:
| Name | Type | Description |
|---|---|---|
format |
str
|
The format of the report (e.g., "HTML", "SARIF"). |
project |
str
|
The name of the project. |
all_sast |
AllSAST
|
The AllSAST manager instance. |
report_dir |
Path
|
The directory where reports are saved. |
result |
AllSASTAnalysisResult
|
The parsed analysis results. |
report_data |
dict
|
The data prepared for rendering the report. |
Initialize the Report.
Parameters:
| Name | Type | Description | Default |
|---|---|---|---|
|
str
|
The name of the project. |
required |
|
AllSAST
|
The AllSAST instance. |
required |
|
int | None
|
The number of top files to include in the report based on score. |
None
|
Methods:
| Name | Description |
|---|---|
generate |
Generate the report. |
instance-attribute
Generates HTML reports for aggregated SAST analysis results.
Bases: Report
Generate interactive HTML reports for SAST analysis results.
Attributes:
| Name | Type | Description |
|---|---|---|
TEMPLATE |
str
|
The HTML template used for report generation. |
project |
str
|
The name of the project. |
all_sast |
AllSAST
|
The AllSAST manager instance. |
report_dir |
Path
|
The directory where reports are saved. |
result |
AllSASTAnalysisResult
|
The parsed analysis results. |
report_data |
dict
|
The data prepared for rendering the report. |
Methods:
| Name | Description |
|---|---|
generate_single_defect |
Generate the HTML report for a single file with defects. |
generate |
Generate the HTML report. |
class-attribute
instance-attribute
TEMPLATE = '\n <!DOCTYPE html>\n <html>\n <head>\n <meta charset="UTF-8">\n <style>\n {stylesheet}\n body {{\n color: {foreground};\n background-color: {background};\n font-family: Menlo, \'DejaVu Sans Mono\', consolas, \'Courier New\', monospace;\n }}\n .tippy-box {{\n background-color: white;\n color: black;\n }}\n img {{\n display: block;\n margin: auto;\n border: solid black 1px;\n }}\n #top {{\n position: fixed;\n bottom: 20px;\n right: 30px;\n background-color: white;\n padding: 10px;\n border: solid black 5px;\n }}\n </style>\n </head>\n <body>\n <a href="./home.html"><h1>CodeSecTools All SAST Tools Report</h1></a>\n <h3>SAST Tools used: [sasts]</h3>\n <h2>[name]</h2>\n <pre style="font-family:Menlo,\'DejaVu Sans Mono\',consolas,\'Courier New\',monospace"><code style="font-family:inherit">{code}</code></pre>\n <script src="https://unpkg.com/@popperjs/core@2"></script>\n <script src="https://unpkg.com/tippy.js@6"></script>\n <script>[tippy_calls]</script>\n <a href="#" id="top">^</a>\n </body>\n </html>\n '
Generate the HTML report for a single file with defects.
Generates SARIF reports for aggregated SAST analysis results.
Bases: Report
Generate SARIF reports for SAST analysis results.
Attributes:
| Name | Type | Description |
|---|---|---|
format |
str
|
The format of the report, which is "SARIF". |
project |
str
|
The name of the project. |
all_sast |
AllSAST
|
The AllSAST manager instance. |
report_dir |
Path
|
The directory where reports are saved. |
result |
AllSASTAnalysisResult
|
The parsed analysis results. |
report_data |
dict
|
The data prepared for rendering the report. |
Methods:
| Name | Description |
|---|---|
generate |
Generate the SARIF report. |
Defines the logic for orchestrating multiple SAST tools together.
Orchestrate running multiple SAST tools and managing their combined results.
Initialize the AllSAST instance.
Methods:
| Name | Description |
|---|---|
list_results |
List the names of analysis results common to all enabled SAST tools. |
Attributes:
| Name | Type | Description |
|---|---|---|
name |
|
|
parser |
|
|
output_dir |
|
|
full_sasts |
list[SAST]
|
|
partial_sasts |
list[SAST]
|
|
any_sasts |
list[SAST]
|
|
sasts_by_lang |
|
|
sasts_by_dataset |
|