It took me a while to update the blog, but if, for some reason, you are following the TSP (The Scan Project) progress here, it’s time to check out https://scanproject.io and https://docs.scanproject.io!

Oh, and I totally revisited the decision about SARIF and DefectDojo support. Both are well-supported now :)

In short, the free basic version of the project is available to all now. Semgrep Open Source, SonarLint, and Dependency Check are embedded and ready to use. But it doesn’t have any advanced issue processing - just puts everything together in a generic report (that is still quite useful).

I won’t say anything about the paid version yet.