
Secure coding and tooling

Open deltamarnix opened this issue 1 year ago • 1 comment

I am a rather recent solutions architect and some of my teams are using Julia. I have concerns about secure coding and the tools that can be used to perform SAST (Static Analysis Security Testing) and SCA (Software Composition Analysis). I found out that modernjuliaworkflows addresses the issue of linting and code quality, but security analysis doesn't seem to be a part of it.

Are there any tools available that could aid in my journey of writing secure Julia code? And if so, I would love to see this added to this extensive resource for Julia programmers.

I can also mention that I have been in contact with JuliaHub, but they only offer some sort of firewall that project admins can alter: https://help.juliahub.com/juliahub/stable/tutorials/package_analytics/

Besides that I found one company that seems to support SAST for Julia: https://semgrep.dev/blog/2023/announcing-semgrep-s-experimental-support-for-julia

If there are others with more serious experience in this field for Julia, I would love to hear their stories. To me it seems there isn't really a widely accepted solution yet, but I would hope that this could be addressed in this page.

deltamarnix avatar Jun 21 '24 11:06 deltamarnix

Hi @deltamarnix, I have absolutely no clue how to answer your question, so I posted it on Discourse in the hope that more enlightened people will lend a hand. https://discourse.julialang.org/t/secure-coding-in-julia/115972

gdalle avatar Jun 21 '24 11:06 gdalle