Evaluators
Evaluators are a crucial part of the Labs application, responsible for assessing user submissions and providing feedback. They can be used to evaluate various aspects of the lab, such as code quality, security vulnerabilities, and exploitability.
SAST
Static Application Security Testing (SAST) evaluators analyze the user code for security vulnerabilities without executing it. They provide insights into potential security issues in the code, helping users to improve their coding practices and understand common vulnerabilities.
About
SAST evaluator is based on Semgrep, a powerful static analysis tool that allows you to write custom rules to detect security vulnerabilities in code. More information about Semgrep can be found here: Semgrep Documentation.
Configuration
SAST evaluators have the following configuration options:
- ERROR: Value of penalty for errors found in the code. This needs to be a negative number, representing the penalty for each vulnerability with type
errorfound.- Default Value:
-10
- Default Value:
- WARNING: Value of penalty for warnings found in the code. This needs to be a negative number, representing the penalty for each vulnerability with type
warningfound.- Default Value:
-5
- Default Value:
- INFO: Value of penalty for info messages found in the code. This needs to be a negative number, representing the penalty for each vulnerability with type
infofound.- Default Value:
-2
- Default Value: