Spike diff based scanning for advanced SAST
Summary
This issue aims to address questions raised in Faster Advanced SAST: Diff-based scanning in MRs (&16790 - closed) to support planning breakdown.
Spike tasks
- Identify code changes required to scan specific files in GLAS. - Discussed in this thread.
- Build a prototype and benchmark performance against a full scan. - Discussed in this thread.
- Investigate whether the selective_scan_neighborhood_depth flag is able to accurately detect a cross-file vulnerability that spans the depth specified by the flag. - Discussed in this thread.
- Changes needed for the scanner report. - Discussed in this thread.
- Investigate how scans for MRs targeting non-default branches are currently handled, and assess whether we should support this use case alongside default branch MRs. - Discussed in this thread.
- Evaluate the SECRET_DETECTION_LOG_OPTIONS variable to determine if a similar variable is needed. - Discussed in the diff customization section of this thread.
- Determine the logic for diff calculation. - Discussed in this thread.
- Identify code changes required to display diff-based scan results in the UI. - Discussed in this thread.
Edited by Shao Ming Tan