Description
I am a rather recent solutions architect and some of my teams are using Julia. I have concerns about secure coding and the tools that can be used to perform SAST (Static Analysis Security Testing) and SCA (Software Composition Analysis). I found out that modernjuliaworkflows addresses the issue of linting and code quality, but security analysis doesn't seem to be a part of it.
Are there any tools available that could aid in my journey of writing secure Julia code? And if so, I would love to see this added to this extensive resource for Julia programmers.
I can also mention that I have been in contact with JuliaHub, but they only offer some sort of firewall that project admins can alter: https://help.juliahub.com/juliahub/stable/tutorials/package_analytics/
Besides that I found one company that seems to support SAST for Julia: https://semgrep.dev/blog/2023/announcing-semgrep-s-experimental-support-for-julia
If there are others with more serious experience in this field for Julia, I would love to hear their stories. To me it seems there isn't really a widely accepted solution yet, but I would hope that this could be addressed in this page.