Diff-aware scanning #73

Open
Pabloo-ss opened this issue Feb 13, 2025 · 1 comment
Labels
question Further information is requested

Comments

@Pabloo-ss

Question

Is there any way to scan just the modified files in a PR in order to find out if any new findings will be introduced into the master branch after merging?
Something like this (Semgrep):
Diff-aware scanning
Semgrep AppSec Platform can scan only changes in files when running on a pull or merge request (PR or MR). This keeps the scan fast and reduces finding duplication.

@Pabloo-ss Pabloo-ss added the question Further information is requested label Feb 13, 2025
@MF-Joel

MF-Joel commented Feb 13, 2025

This isn’t something that is offered as a native feature of Fortify SCA. Although you could potentially script a solution to identify the modified files and then configure Fortify to scan only those files, the results would not fully replicate a purpose-built diff scan approach as there would be a loss of results identified through dataflow analysis. Additionally, this could only work for languages that don't require a full project translation such as Python, JavaScript, TypeScript, etc...
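One way to get at the question's actual goal (which findings would be new after the merge) without the partial-translation approach the comment above cautions against: run the normal full scan on both the target branch and the PR branch, then diff the two result sets. The script below is an added example written for this thread; it is not code from Fortify, Semgrep, or the issue's participants. It assumes the findings have already been exported from whatever format the scanner produces into (category, path, line, sink snippet) records; the export step, the `Finding` fields, the rename map, and all sample findings are constructed for the illustration. The line number is deliberately left out of the fingerprint, so a finding that merely moved because code was inserted above it is not reported as new, and a git rename map lets a finding follow its file.

```python
"""Compare a baseline (target-branch) scan with a PR-branch scan to list
findings that are new and findings that were fixed.

Added example for this issue thread; not Fortify or Semgrep code.
"""
from collections import Counter
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple


@dataclass(frozen=True)
class Finding:
    # Hypothetical normalised record; field names are assumptions, not a scanner schema.
    category: str   # analyzer rule/category name
    path: str       # file path relative to the repository root
    line: int       # reported line; unstable across edits, so not part of the fingerprint
    snippet: str    # source text at the sink; much more stable than the line number


def fingerprint(f: Finding, renames: Optional[Dict[str, str]] = None) -> Tuple[str, str, str]:
    """Identity of a finding that survives line shifts and whitespace changes.

    `renames` maps old path -> new path (e.g. from `git diff -M --name-status`)
    and is applied to baseline findings so they follow renamed files.
    """
    path = (renames or {}).get(f.path, f.path)
    return (f.category, path, " ".join(f.snippet.split()))


def _unmatched(items: List[Finding], other_counts: Counter, renames: Optional[Dict[str, str]]) -> List[Finding]:
    """Return the findings in `items` that have no counterpart left in `other_counts`.

    Counts are used as a multiset so a second, identical-looking occurrence
    (same category, file and sink text) is reported as new rather than
    silently absorbed by the first one.
    """
    remaining = other_counts.copy()
    out = []
    for f in sorted(items, key=lambda f: (f.path, f.line)):
        fp = fingerprint(f, renames)
        if remaining[fp] > 0:
            remaining[fp] -= 1
        else:
            out.append(f)
    return out


def compare(baseline: List[Finding], candidate: List[Finding],
            renames: Optional[Dict[str, str]] = None) -> Tuple[List[Finding], List[Finding]]:
    """Return (new_findings, fixed_findings) for candidate relative to baseline."""
    base_counts = Counter(fingerprint(f, renames) for f in baseline)
    cand_counts = Counter(fingerprint(f) for f in candidate)
    new = _unmatched(candidate, base_counts, None)
    fixed = _unmatched(baseline, cand_counts, renames)
    return new, fixed


# --- constructed sample data (not real scan output) ---------------------------
BASELINE = [
    Finding("SQL Injection", "app/db.py", 40, 'cursor.execute(query_prefix + name)'),
    Finding("Cross-Site Scripting: Reflected", "web/views.py", 18, 'return render_raw(request.GET["q"])'),
    Finding("Path Manipulation", "app/files.py", 9, 'open(os.path.join(UPLOAD_DIR, requested_name))'),
]
CANDIDATE = [
    # same finding, pushed down 12 lines by an unrelated edit above it
    Finding("SQL Injection", "app/db.py", 52, 'cursor.execute(query_prefix +   name)'),
    # genuinely new sink in the same file and category
    Finding("SQL Injection", "app/db.py", 71, 'cursor.execute(delete_prefix + user_id)'),
    # unchanged finding, but the file was renamed in the PR
    Finding("Cross-Site Scripting: Reflected", "web/handlers.py", 18, 'return render_raw(request.GET["q"])'),
    # genuinely new finding in a new file
    Finding("Command Injection", "app/tasks.py", 33, 'subprocess.run(cmd_prefix + filename, shell=True)'),
]
RENAMES = {"web/views.py": "web/handlers.py"}  # constructed; would come from git


if __name__ == "__main__":
    new, fixed = compare(BASELINE, CANDIDATE, RENAMES)
    for f in new:
        print(f"NEW   {f.category}: {f.path}:{f.line}")
    for f in fixed:
        print(f"FIXED {f.category}: {f.path}:{f.line}")
    # a PR gate would fail the check when `new` is non-empty
    raise SystemExit(1 if new else 0)
```

Because both sides are full scans, dataflow findings whose source and sink live in different files are compared on equal terms, which is exactly what a modified-files-only translation cannot do. The trade-off is scan time: this does not make the PR scan any faster, it only makes the result review diff-aware.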
