Data Theorem SAST

Scan your source code for security issues, privacy flaws, and 3rd party code (Open Source Software or Commercial SDKs).

Data Theorem's SAST (Static Application Security Testing) will automatically analyze your source code and publish the security issues in the Data Theorem Portal.

A valid Data Theorem Upload API key is required.

Install the extension

Go to Data Theorem SAST's page on the Azure DevOps marketplace: https://marketplace.visualstudio.com/items?itemName=datatheorem.datatheorem-sast

Install the extension in your Azure DevOps organization by clicking on "Get it free".

Retrieve your API key

First, you will need to retrieve/create an API Key from the Data Theorem portal, at https://www.securetheorem.com/devsecops/v2/results_api_access
Make sure that the SAST Scanning permission is enabled for this API Key

Add Data Theorem SAST to an Azure pipeline

Go to your azure-pipeline.yml file and select the Data Theorem SAST extension.

Click on "Variables" and create a new variable to hold your API key as a secret.

Set the name of the source code repository.

Once the inputs have been added, click on "Add", and the Data Theorem SAST task will be added to your azure-pipeline.yml file.

Save the pipeline and run it. SAST scan results will be available in the Data Theorem Portal at
https://www.securetheorem.com/api/v2/security/sast