No. XCA augments existing code scanning solutions with custom rules based on past vulnerabilities, which may not be available in generic default rulesets. As such, it targets specific, known vulnerable code patterns with a high true positive rate rather than general code hygiene or potential vulnerabilities.
The Semgrep OSS Engine is already integrated into GitLab SAST and does not require additional modifications.
Vulnerabilities discovered by XCA are stored in the GitLab project as a Vulnerability Report.
XCA
A Set of Custom Rules That Detect Repeated Vulnerabilities in Code