From 164e1f07ad2cc64f82363a150d5d4f96d298cce0 Mon Sep 17 00:00:00 2001
From: Hua Yan <hyan@gitlab.com>
Date: Tue, 3 Jun 2025 10:46:50 +1000
Subject: [PATCH] Try fix

---
 templates/iac-sast-fix.yml | 38 ++++++++++++++++++++++++++++++++++++++
 1 file changed, 38 insertions(+)
 create mode 100644 templates/iac-sast-fix.yml

diff --git a/templates/iac-sast-fix.yml b/templates/iac-sast-fix.yml
new file mode 100644
index 0000000..81ff32c
--- /dev/null
+++ b/templates/iac-sast-fix.yml
@@ -0,0 +1,38 @@
+# Component created based on GitLab's IAC SAST Scanning template
+# Read more about this feature here: https://docs.gitlab.com/ee/user/application_security/iac_scanning/
+
+spec:
+    inputs:
+        stage:
+            default: test
+        excluded_paths:
+            default: "spec, test, tests, tmp"
+        excluded_analyzers:
+            default: ""
+        image_prefix:
+            default: "$CI_TEMPLATE_REGISTRY_HOST/security-products"
+        image_suffix:
+            default: ""
+        search_max_depth:
+            default: 4
+        image_tag:
+            default: 6
+
+---
+kics-iac-sast:
+  stage: $[[ inputs.stage ]]
+  image:
+    name: "$[[ inputs.image_prefix ]]/kics:$[[ inputs.image_tag ]]$[[ inputs.image_suffix ]]"
+  variables:
+    SEARCH_MAX_DEPTH: $[[ inputs.search_max_depth ]]
+  script:
+    - /analyzer run
+  artifacts:
+    access: 'developer'
+    reports:
+      sast: gl-sast-report.json
+  allow_failure: true
+  rules:
+    - if: '"$[[ inputs.excluded_analyzers ]]" =~ /kics/'
+      when: never
+    - if: $CI_COMMIT_BRANCH