BST-18082 Add tests for SAST scanners (semgrep, brakeman, gosec, codeql)

lindycoder · claude · lindycoder · commit f7ffda4ac4ca · 2025-12-05T13:34:00.000-05:00
Migrated test targets from boost-sandbox module-tests repositories to the new test harness. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com>
diff --git a/scanners/boostsecurityio/brakeman/tests.yaml b/scanners/boostsecurityio/brakeman/tests.yaml
@@ -0,0 +1,22 @@
+version: "1.0"
+tests:
+  - name: "railsgoat"
+    type: "source-code"
+    source:
+      url: "https://github.com/OWASP/railsgoat.git"
+      ref: "master"
+  - name: "postal"
+    type: "source-code"
+    source:
+      url: "https://github.com/postalserver/postal.git"
+      ref: "2.1.1"
+  - name: "govwifi-admin"
+    type: "source-code"
+    source:
+      url: "https://github.com/alphagov/govwifi-admin.git"
+      ref: "9d067eb8c3d30e8a418cba6fe5c0d27cdaef7e4d"
+  - name: "diaspora"
+    type: "source-code"
+    source:
+      url: "https://github.com/diaspora/diaspora.git"
+      ref: "v0.7.18.1"
diff --git a/scanners/boostsecurityio/codeql/tests.yaml b/scanners/boostsecurityio/codeql/tests.yaml
@@ -0,0 +1,22 @@
+version: "1.0"
+tests:
+  - name: "juice-shop"
+    type: "source-code"
+    source:
+      url: "https://github.com/juice-shop/juice-shop.git"
+      ref: "v15.0.0"
+  - name: "dsvw"
+    type: "source-code"
+    source:
+      url: "https://github.com/stamparm/DSVW.git"
+      ref: "master"
+  - name: "capital"
+    type: "source-code"
+    source:
+      url: "https://github.com/Checkmarx/capital.git"
+      ref: "main"
+  - name: "brokencrystals"
+    type: "source-code"
+    source:
+      url: "https://github.com/NeuraLegion/brokencrystals.git"
+      ref: "master"
diff --git a/scanners/boostsecurityio/gosec/tests.yaml b/scanners/boostsecurityio/gosec/tests.yaml
@@ -0,0 +1,22 @@
+version: "1.0"
+tests:
+  - name: "gitleaks"
+    type: "source-code"
+    source:
+      url: "https://github.com/gitleaks/gitleaks.git"
+      ref: "v8.15.2"
+  - name: "osv-scanner"
+    type: "source-code"
+    source:
+      url: "https://github.com/google/osv-scanner.git"
+      ref: "v1.0.2"
+  - name: "rclone"
+    type: "source-code"
+    source:
+      url: "https://github.com/rclone/rclone.git"
+      ref: "v1.62.2"
+  - name: "kubeaudit"
+    type: "source-code"
+    source:
+      url: "https://github.com/Shopify/kubeaudit.git"
+      ref: "v0.18.0"
diff --git a/scanners/boostsecurityio/semgrep/tests.yaml b/scanners/boostsecurityio/semgrep/tests.yaml
@@ -0,0 +1,27 @@
+version: "1.0"
+tests:
+  - name: "juice-shop"
+    type: "source-code"
+    source:
+      url: "https://github.com/juice-shop/juice-shop.git"
+      ref: "v15.0.0"
+  - name: "dsvw"
+    type: "source-code"
+    source:
+      url: "https://github.com/stamparm/DSVW.git"
+      ref: "master"
+  - name: "capital"
+    type: "source-code"
+    source:
+      url: "https://github.com/Checkmarx/capital.git"
+      ref: "main"
+  - name: "brokencrystals"
+    type: "source-code"
+    source:
+      url: "https://github.com/NeuraLegion/brokencrystals.git"
+      ref: "master"
+  - name: "vulnnodeapp"
+    type: "source-code"
+    source:
+      url: "https://github.com/4auvar/VulnNodeApp.git"
+      ref: "master"
