SAST policies

Learn about the predefined finding policy templates for SAST used in your software development environment.

Endor Labs provides the following finding policy templates for detecting SAST issues. See Finding policies for details on how to create policies from policy templates.

See SAST severity matrix to understand how Endor Labs assigns severity to SAST findings.

| Policy template | Description | Severity |
|---|---|---|
| Report SAST results matching given rule names | Raise findings for SAST results for a given set of SAST rules. The severity of the finding is set based on the severity of the rule that created the result. If the SAST rule does not have a severity, the policy finding severity is used. | Critical |
| Report SAST results matching given criteria | Raise findings for SAST results based on a given set of criteria, such as the severity, confidence level, and/or tags. The severity of the finding is set based on the severity of the rule that created the result. If the SAST rule does not have a severity, the policy finding severity is used. | Critical |
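The two templates differ only in how they select results (by rule name versus by severity, confidence or tags); both assign finding severity the same way, taking the rule's own severity when it has one and falling back to the policy's finding severity otherwise. The following is an added illustration of that selection and severity-precedence logic, not Endor Labs code or its API: the `SastResult` and `Finding` shapes, the severity labels, the tag-matching rule (a result matches when it carries at least one of the requested tags) and the sample results are all constructed for this example.

```python
from dataclasses import dataclass, field
from typing import Iterable, Optional

# Constructed model of a single SAST result. A real scanner output carries
# more fields; only those the two policy templates look at are kept here.
@dataclass
class SastResult:
    rule_name: str
    rule_severity: Optional[str]        # None when the rule defines no severity
    confidence: str
    tags: set[str] = field(default_factory=set)
    location: str = ""


@dataclass
class Finding:
    rule_name: str
    severity: str
    location: str


def finding_severity(result: SastResult, policy_severity: str) -> str:
    """Rule severity wins; the policy's finding severity is only a fallback."""
    return result.rule_severity if result.rule_severity else policy_severity


def report_by_rule_names(results: Iterable[SastResult],
                         rule_names: set[str],
                         policy_severity: str = "CRITICAL") -> list[Finding]:
    """'Report SAST results matching given rule names' (illustrative)."""
    return [
        Finding(r.rule_name, finding_severity(r, policy_severity), r.location)
        for r in results
        if r.rule_name in rule_names
    ]


def report_by_criteria(results: Iterable[SastResult],
                       severities: Optional[set[str]] = None,
                       confidences: Optional[set[str]] = None,
                       tags: Optional[set[str]] = None,
                       policy_severity: str = "CRITICAL") -> list[Finding]:
    """'Report SAST results matching given criteria' (illustrative).

    Every criterion that is supplied must hold; an omitted criterion is not
    checked. A result whose rule has no severity cannot satisfy a severity
    criterion, because there is nothing to compare against.
    """
    findings = []
    for r in results:
        if severities is not None and r.rule_severity not in severities:
            continue
        if confidences is not None and r.confidence not in confidences:
            continue
        if tags is not None and not (r.tags & tags):   # assumption: any-tag match
            continue
        findings.append(Finding(r.rule_name, finding_severity(r, policy_severity), r.location))
    return findings


# Constructed sample results; rule names and locations are made up.
SAMPLE_RESULTS = [
    SastResult("sql-injection", "HIGH", "HIGH", {"injection"}, "app.py:10"),
    SastResult("hardcoded-secret", None, "MEDIUM", {"secrets"}, "config.py:3"),
    SastResult("debug-enabled", "LOW", "LOW", {"config"}, "settings.py:1"),
]

if __name__ == "__main__":
    for f in report_by_rule_names(SAMPLE_RESULTS, {"sql-injection", "hardcoded-secret"}):
        print("by rule name:", f)
    for f in report_by_criteria(SAMPLE_RESULTS, confidences={"MEDIUM"}):
        print("by criteria:", f)
```

The point to check when tuning such a policy is the fallback: a rule with no severity of its own inherits the policy's Critical, so a rule-name policy that lists an unranked, low-value rule will surface it at the top of the queue unless the policy's finding severity is lowered or the rule is given one.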