vor/sast
1
0
Fork 0
mirror of https://gitlab.com/components/sast.git synced 2025-06-30 15:38:29 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions

Enable experimental features via input instead of variable

Browse source
This commit is contained in:
Fabio Pitino 2023-05-03 11:46:55 +01:00
parent e94915c35f
commit 4150356e21
2 changed files with 6 additions and 5 deletions
Download patch file Download diff file Expand all files Collapse all files

1
README.md
View file

@ -39,6 +39,7 @@ include:
| `excluded_paths` | `"spec, test, tests, tmp"` | Comma separated list of paths to exclude | | `excluded_paths` | `"spec, test, tests, tmp"` | Comma separated list of paths to exclude |
| `search_max_depth` | `4` | Defines how many directory levels the search for programming languages should span | | `search_max_depth` | `4` | Defines how many directory levels the search for programming languages should span |
| `run_kubesec_sast` | `"false"` | Set it to `"true"` to run `kubesec-sast` job | | `run_kubesec_sast` | `"false"` | Set it to `"true"` to run `kubesec-sast` job |
| `include_experimental` | `"false"` | Set it to `"true"` to enable [experimental analyzers](https://docs.gitlab.com/ee/user/application_security/sast/#experimental-features) |
### Variables ### Variables

10
template.yml
View file

@ -16,6 +16,8 @@ spec:
default: 4 default: 4
run_kubesec_sast: run_kubesec_sast:
default: 'false' default: 'false'
include_experimental:
default: 'false'
--- ---
.sast-analyzer: .sast-analyzer:
stage: $[[ inputs.stage ]] stage: $[[ inputs.stage ]]
@ -79,8 +81,7 @@ mobsf-android-sast:
rules: rules:
- if: '"$[[ inputs.excluded_analyzers ]]" =~ /mobsf/' - if: '"$[[ inputs.excluded_analyzers ]]" =~ /mobsf/'
when: never when: never
- if: $CI_COMMIT_BRANCH && - if: '$CI_COMMIT_BRANCH && "$[[ inputs.include_experimental ]]" == "true"'
$SAST_EXPERIMENTAL_FEATURES == 'true'
exists: exists:
- '**/*.apk' - '**/*.apk'
- '**/AndroidManifest.xml' - '**/AndroidManifest.xml'
@ -90,8 +91,7 @@ mobsf-ios-sast:
rules: rules:
- if: '"$[[ inputs.excluded_analyzers ]]" =~ /mobsf/' - if: '"$[[ inputs.excluded_analyzers ]]" =~ /mobsf/'
when: never when: never
- if: $CI_COMMIT_BRANCH && - if: '$CI_COMMIT_BRANCH && "$[[ inputs.include_experimental ]]" == "true"'
$SAST_EXPERIMENTAL_FEATURES == 'true'
exists: exists:
- '**/*.ipa' - '**/*.ipa'
- '**/*.xcodeproj/*' - '**/*.xcodeproj/*'
@ -183,7 +183,7 @@ spotbugs-sast:
rules: rules:
- if: '"$[[ inputs.excluded_analyzers ]]" =~ /spotbugs/' - if: '"$[[ inputs.excluded_analyzers ]]" =~ /spotbugs/'
when: never when: never
- if: $SAST_EXPERIMENTAL_FEATURES == 'true' - if: '"$[[ inputs.include_experimental ]]" == "true"'
exists: exists:
- '**/AndroidManifest.xml' - '**/AndroidManifest.xml'
when: never when: never