Part 2.2 Implementing SAST in a GitLab DevSecOps Pipeline using SonarQube with Code Coverage
1. Why We Need This Use Case
Security is a critical aspect of software development. Static Application Security Testing (SAST) enables early detection of vulnerabilities in the codebase, before the code is built and deployed. Integrating SonarQube into the GitLab CI/CD pipeline adds another layer of quality checks by analyzing code for code smells, vulnerabilities, and test coverage. Including code coverage metrics in the analysis improves software quality by showing which parts of the code are not exercised by tests, which helps keep the application both well-tested and secure.
2. When We Need This Use Case
When delivering secure applications with automated DevSecOps practices.
For projects with stringent quality gates that require specific levels of code coverage.
To proactively identify vulnerabilities and untested portions of code during the CI/CD process.
To maintain compliance with security standards or industry-specific regulations.
3. Complete First Before This Use Case
Part 1 - Implementing a DevSecOps Pipeline using GitLab - Link
Part 2.1 - Implementing SAST in a GitLab DevSecOps Pipeline using SonarQube with no code coverage - Link