Endor Labs provides the following finding policy templates for detecting SAST issues. See Finding policies for details on how to create policies from policy templates.
See SAST severity matrix to understand how Endor Labs assigns severity to SAST findings.
| Policy template | Description | Severity |
|---|---|---|
| Report SAST results matching given rule names | Raise findings for SAST results for a given set of SAST rules. The severity of the finding is set based on the severity of the rule that created the result. If the SAST rule does not have a severity then the policy finding severity is used. | Critical |
| Report SAST results matching given criteria | Raise findings for SAST results based on a given set of criteria, such as the severity, confidence level, and/or tags. The severity of the finding is set based on the severity of the rule that created the result. If the SAST rule does not have a severity then the policy finding severity is used. | Critical |