From 4150356e213d946042877fdec5109e138053a585 Mon Sep 17 00:00:00 2001
From: Fabio Pitino
Date: Wed, 3 May 2023 11:46:55 +0100
Subject: [PATCH] Enable experimental features via input instead of variable
---
 README.md | 1 +
 template.yml | 10 +++++-----
 2 files changed, 6 insertions(+), 5 deletions(-)
diff --git a/README.md b/README.md
index f861c1f..b48acb9 100644
--- a/README.md
+++ b/README.md
@@ -39,6 +39,7 @@ include:
 | `excluded_paths` | `"spec, test, tests, tmp"` | Comma separated list of paths to exclude |
 | `search_max_depth` | `4` | Defines how many directory levels the search for programming languages should span |
 | `run_kubesec_sast` | `"false"` | Set it to `"true"` to run `kubesec-sast` job |
+| `include_experimental` | `"false"` | Set it to `"true"` to enable [experimental analyzers](https://docs.gitlab.com/ee/user/application_security/sast/#experimental-features) |
 ### Variables
diff --git a/template.yml b/template.yml
index 7ae44c1..7a044c3 100644
--- a/template.yml
+++ b/template.yml
@@ -16,6 +16,8 @@ spec:
 default: 4
 run_kubesec_sast:
 default: 'false'
+ include_experimental:
+ default: 'false'
 ---
 .sast-analyzer:
 stage: $[[ inputs.stage ]]
@@ -79,8 +81,7 @@ mobsf-android-sast:
 rules:
 - if: '"$[[ inputs.excluded_analyzers ]]" =~ /mobsf/'
 when: never
- - if: $CI_COMMIT_BRANCH &&
- $SAST_EXPERIMENTAL_FEATURES == 'true'
+ - if: '$CI_COMMIT_BRANCH && "$[[ inputs.include_experimental ]]" == "true"'
 exists:
 - '**/*.apk'
 - '**/AndroidManifest.xml'
@@ -90,8 +91,7 @@ mobsf-ios-sast:
 rules:
 - if: '"$[[ inputs.excluded_analyzers ]]" =~ /mobsf/'
 when: never
- - if: $CI_COMMIT_BRANCH &&
- $SAST_EXPERIMENTAL_FEATURES == 'true'
+ - if: '$CI_COMMIT_BRANCH && "$[[ inputs.include_experimental ]]" == "true"'
 exists:
 - '**/*.ipa'
 - '**/*.xcodeproj/*'
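Review bot: The new `include_experimental` input in the `spec:` block is declared with only a default, so any string is accepted, while the rules added later in this patch enable the experimental jobs only on an exact `"true"` match. A value such as `True` or `yes` would therefore leave the mobsf jobs off without any error, which is an easy way to lose scanner coverage unnoticed. The value is also substituted as text inside a quoted string in the `if:` expression, so restricting it to the two literals keeps that expression well-formed. If the GitLab version this component targets supports input validation, constrain it with `options: ['true', 'false']` under `include_experimental:`; otherwise state the exact accepted values in the README row. The `spec:` block starts above this hunk, so the neighbouring inputs may have the same gap.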
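Review bot: The rewritten `if:` in `mobsf-android-sast` (and the identical one in `mobsf-ios-sast`, plus the `spotbugs-sast` rule in the last hunk) no longer reads `$SAST_EXPERIMENTAL_FEATURES` at all, so a project that still sets that variable will stop running the mobsf jobs with no warning. For a security scanner this is a silent coverage loss rather than a visible failure. Either keep the variable as a fallback for a deprecation period, e.g. `- if: '$CI_COMMIT_BRANCH && ("$[[ inputs.include_experimental ]]" == "true" || $SAST_EXPERIMENTAL_FEATURES == "true")'`, or call out the breaking change in the README next to the new input row. Both job definitions continue outside their hunks.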
@@ -183,7 +183,7 @@ spotbugs-sast:
 rules:
 - if: '"$[[ inputs.excluded_analyzers ]]" =~ /spotbugs/'
 when: never
- - if: $SAST_EXPERIMENTAL_FEATURES == 'true'
+ - if: '"$[[ inputs.include_experimental ]]" == "true"'
 exists:
 - '**/AndroidManifest.xml'
 when: never
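Review bot: The `when: never` rule in `spotbugs-sast` skips SpotBugs for any project containing `AndroidManifest.xml` whenever `include_experimental` is `"true"`, but it does not check whether mobsf has been excluded. With `excluded_analyzers` containing `mobsf`, the first rule of `mobsf-android-sast` also returns `never`, so as far as these hunks show an Android project would then be scanned by neither job. Consider tightening the condition to `- if: '"$[[ inputs.include_experimental ]]" == "true" && "$[[ inputs.excluded_analyzers ]]" !~ /mobsf/'` and adding a comment above it such as `# skip SpotBugs only when mobsf-android-sast is expected to scan the Android project instead`. The remaining `spotbugs-sast` rules lie outside the hunk, so confirm none of them already covers this case.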