From ccd33f9a0234b756a441e5cb4a5ad666a10fd31d Mon Sep 17 00:00:00 2001 From: Philip Cunningham Date: Wed, 26 Mar 2025 10:40:19 +0000 Subject: [PATCH 1/2] Add PHP language support to gitlab-advanced-sast --- templates/sast.yml | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/templates/sast.yml b/templates/sast.yml index ccb3eec..7f1100f 100644 --- a/templates/sast.yml +++ b/templates/sast.yml @@ -81,6 +81,7 @@ gitlab-advanced-sast: - '**/*.mjs' - '**/*.cs' - '**/*.rb' + - '**/*.php' brakeman-sast: extends: .deprecated-16.8 @@ -144,7 +145,7 @@ semgrep-sast: "$[[ inputs.excluded_analyzers ]]" !~ /gitlab-advanced-sast/ && "$[[ inputs.run_advanced_sast ]]" == "true"' variables: - SAST_EXCLUDED_PATHS: "$DEFAULT_SAST_EXCLUDED_PATHS, **/*.py, **/*.go, **/*.java, **/*.js, **/*.jsx, **/*.ts, **/*.tsx, **/*.cjs, **/*.mjs, **/*.cs, **/*.rb" + SAST_EXCLUDED_PATHS: "$DEFAULT_SAST_EXCLUDED_PATHS, **/*.py, **/*.go, **/*.java, **/*.js, **/*.jsx, **/*.ts, **/*.tsx, **/*.cjs, **/*.mjs, **/*.cs, **/*.rb, **/*.php" exists: - '**/*.c' - '**/*.cc' @@ -203,7 +204,7 @@ semgrep-sast: - '**/bootstrap*.yml' - '**/application*.yaml' - '**/bootstrap*.yaml' - + sobelow-sast: extends: .sast-analyzer image: From e0d30c4a71f9b546f138f1cf5c3fd9dc57a00d37 Mon Sep 17 00:00:00 2001 From: Philip Cunningham Date: Thu, 22 May 2025 11:41:23 +0100 Subject: [PATCH 2/2] Enable GLAS PHP Support FF by default --- templates/sast.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/templates/sast.yml b/templates/sast.yml index 7f1100f..a169ccb 100644 --- a/templates/sast.yml +++ b/templates/sast.yml @@ -53,6 +53,7 @@ gitlab-advanced-sast: image: name: "$[[ inputs.image_prefix ]]/gitlab-advanced-sast:${SAST_ANALYZER_IMAGE_TAG}$[[ inputs.image_suffix ]]" variables: + FF_GLAS_ENABLE_PHP_SUPPORT: 'true' SAST_ANALYZER_IMAGE_TAG: 2 SEARCH_MAX_DEPTH: 20 cache: