vor/sast
1
0
Fork 0
mirror of https://gitlab.com/components/sast.git synced 2025-06-30 15:38:29 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions

rename advanced_sast input to run_advanced_sast

Browse source 
implements reviewer suggestion from @craigmsmith
This commit is contained in:
Duncan Macleod 2024-09-25 15:23:45 +02:00
parent fb486fb1a3
commit 0af19cdcc3
No known key found for this signature in database
2 changed files with 5 additions and 5 deletions
Download patch file Download diff file Expand all files Collapse all files

2
README.md
View file

@ -44,7 +44,7 @@ This assumes `SAST_DISABLED` variable is already defined in `.gitlab-ci.yml` wit
| `excluded_paths` | `"spec, test, tests, tmp"` | Comma separated list of paths to exclude |
| `search_max_depth` | `4` | Defines how many directory levels the search for programming languages should span |
| `run_kubesec_sast` | `"false"` | Set it to `"true"` to run `kubesec-sast` job |
| `advanced_sast` | `false` | Set it to `true` to enable [GitLab Advanced SAST](https://docs.gitlab.com/ee/user/application_security/sast/gitlab_advanced_sast.html) ]
| `run_advanced_sast` | `false` | Set it to `true` to enable [GitLab Advanced SAST](https://docs.gitlab.com/ee/user/application_security/sast/gitlab_advanced_sast.html) ]
| `include_experimental` | `"false"` | Set it to `"true"` to enable [experimental analyzers](https://docs.gitlab.com/ee/user/application_security/sast/#experimental-features) |
## Contribute

8
templates/sast.yml
View file

@ -16,7 +16,7 @@ spec:
default: '4'
run_kubesec_sast:
default: 'false'
advanced_sast:
run_advanced_sast:
default: false
type: boolean
include_experimental:
@ -58,7 +58,7 @@ gitlab-advanced-sast:
rules:
- if: '"$[[ inputs.excluded_analyzers ]]" =~ /semgrep/'
when: never
- if: '"$[[ inputs.advanced_sast ]]" != "true"'
- if: '"$[[ inputs.run_advanced_sast ]]" != "true"'
when: never
- if: $CI_COMMIT_BRANCH &&
$GITLAB_FEATURES =~ /\bsast_advanced\b/
@ -134,7 +134,7 @@ semgrep-sast:
- if: '$CI_COMMIT_BRANCH &&
$GITLAB_FEATURES =~ /\bsast_advanced\b/ &&
"$[[ inputs.excluded_analyzers ]]" !~ /gitlab-advanced-sast/ &&
"$[[ inputs.advanced_sast ]]" == "true"'
"$[[ inputs.run_advanced_sast ]]" == "true"'
variables:
SAST_EXCLUDED_PATHS: "$DEFAULT_SAST_EXCLUDED_PATHS, **/*.py, **/*.go, **/*.java, **/*.js, **/*.jsx, **/*.ts, **/*.tsx, **/*.cjs, **/*.mjs, **/*.cs"
exists:
@ -157,7 +157,7 @@ semgrep-sast:
- if: '$CI_COMMIT_BRANCH &&
$GITLAB_FEATURES =~ /\bsast_advanced\b/ &&
"$[[ inputs.excluded_analyzers ]]" !~ /gitlab-advanced-sast/ &&
"$[[ inputs.advanced_sast ]]" == "true"'
"$[[ inputs.run_advanced_sast ]]" == "true"'
when: never
- if: $CI_COMMIT_BRANCH
exists: