Integrate SAST with CI/CD pipeline to deploy Apigee API Proxies

I was wondering if there is any way I can integrate Static Application Security Testing (SAST) in this CI/CD pipeline to deploy Apigee API Proxies.
https://github.com/GoogleCloudPlatform/apigee-samples/tree/main/deploy-apigee-proxy

The objective is to generate a CI/CD report for the CyberSecurity team, and I couldn’t find a tool or a way to integrate SAST with Google Cloud Build.

I was able to run Apigeelint within the pipeline steps as Static Code Analysis, but I'm not sure if it is enough from a security perspective.
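One way to turn the Apigeelint run mentioned above into something a security team can consume is to add a gate step after it that reads the lint report, summarises findings by severity and rule, and fails the build when errors are present. The script below is an added example, not code from the thread or from the apigee-samples repository. It assumes a preceding Cloud Build step such as `npx apigeelint -s apiproxy -f json.js --profile apigeex > apigeelint-report.json` (the `-s`, `-f` and `--profile` flags are Apigeelint's own; the file name is an assumption), and that the `json.js` formatter emits an ESLint-style array of per-file results with `severity` 2 for errors and 1 for warnings (an assumption based on the formatter's lineage). The embedded sample report and its `XX00n` rule IDs are constructed for illustration and are not real Apigeelint rules.

```python
"""Gate a Cloud Build step on an Apigeelint JSON report (added example).

Assumed preceding pipeline step (not from the thread):
    npx apigeelint -s apiproxy -f json.js --profile apigeex > apigeelint-report.json

Assumed report shape (ESLint-style, per file):
    [{"filePath": "...", "messages": [{"ruleId": "...", "severity": 2, ...}], ...}]
Severity 2 = error, 1 = warning. A non-zero exit code fails the Cloud Build step.
"""
import json
import sys
from collections import Counter
from dataclasses import dataclass

SEVERITY_NAMES = {2: "error", 1: "warning"}

# Constructed sample report; rule IDs XX001/XX002 are placeholders, not real rules.
SAMPLE_REPORT = [
    {
        "filePath": "apiproxy/proxies/default.xml",
        "messages": [
            {"ruleId": "XX001", "severity": 2, "message": "constructed error", "line": 12, "column": 3},
            {"ruleId": "XX002", "severity": 1, "message": "constructed warning", "line": 20, "column": 5},
        ],
    },
    {
        "filePath": "apiproxy/policies/Verify-Key.xml",
        "messages": [
            {"ruleId": "XX001", "severity": 2, "message": "constructed error", "line": 4, "column": 1},
        ],
    },
]


@dataclass
class GateResult:
    errors: int
    warnings: int
    by_rule: dict   # (severity name, rule id) -> count
    passed: bool


def summarize_report(report, max_errors=0, max_warnings=None):
    """Count findings by severity and rule and decide pass/fail against thresholds."""
    errors = warnings = 0
    by_rule = Counter()
    for file_result in report:
        for msg in file_result.get("messages", []):
            sev = msg.get("severity", 0)
            rule = msg.get("ruleId") or "unknown"
            if sev == 2:
                errors += 1
            elif sev == 1:
                warnings += 1
            by_rule[(SEVERITY_NAMES.get(sev, str(sev)), rule)] += 1
    passed = errors <= max_errors and (max_warnings is None or warnings <= max_warnings)
    return GateResult(errors, warnings, dict(by_rule), passed)


def render_summary(result):
    """Short, stable text summary suitable for build logs or a hand-off to the security team."""
    lines = [f"apigeelint: {result.errors} error(s), {result.warnings} warning(s)"]
    for (sev, rule), n in sorted(result.by_rule.items(), key=lambda kv: (-kv[1], kv[0])):
        lines.append(f"  {sev:<7} {rule:<8} x{n}")
    lines.append("RESULT: PASS" if result.passed else "RESULT: FAIL")
    return "\n".join(lines)


def main(argv):
    # With a path argument, read the real report; without one, use the constructed sample.
    if len(argv) > 1:
        with open(argv[1], encoding="utf-8") as fh:
            report = json.load(fh)
    else:
        report = SAMPLE_REPORT
    result = summarize_report(report)
    print(render_summary(result))
    return 0 if result.passed else 1


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

In a `cloudbuild.yaml` this would be a step after the lint step, e.g. `python3 gate.py apigeelint-report.json`, so the build stops before deployment when the gate exits non-zero, and the rendered summary in the build log is the artefact to hand to the security team. The thresholds are deliberately strict by default (zero errors, unlimited warnings); tighten `max_warnings` once the existing proxies are clean.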

Hey @ahmad-mahafdhah,

You’re right - Apigeelint is useful for basic checks, but it doesn’t catch deeper security issues.

If you’re looking to run proper SAST on your Apigee proxies during CI/CD, you might want to check out CodeSent. It’s built specifically for Apigee and can detect over 50 types of real-world security problems - things like insecure configurations, tainted data flows, missing protections, and more.

It integrates easily into pipelines and generates reports that are useful for security teams and audits.

Let me know if you need help getting started.

Hi @nmarkevich, can you provide me with documentation or something I can start with for integrating it with Google Cloud Build CI/CD pipelines?

There’s no native integration with Cloud Build at the moment, but the easiest way to get a feel for how the tool works is to try the VS Code extension:
https://marketplace.visualstudio.com/items?itemName=NikitaMarkevich.codesent

There’s also a page with API docs if you’re looking to build something custom into your pipeline:
https://codesent.io/apigee/docs

Happy to help if you get stuck.