From 6403d60f3a53e1b7c911a728750a462ab021a865 Mon Sep 17 00:00:00 2001
From: Julian Thome
Date: Tue, 11 Mar 2025 16:45:59 +0100
Subject: [PATCH 1/4] Refine exists patterns.

---
 templates/sast.yml | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/templates/sast.yml b/templates/sast.yml
index 927d012..154f816 100644
--- a/templates/sast.yml
+++ b/templates/sast.yml
@@ -154,9 +154,13 @@ semgrep-sast:
 - '**/*.swift'
 - '**/*.m'
 - '**/*.kt'
- - '**/*.yml'
- - '**/*.yaml'
 - '**/*.properties'
+ - '**/application*.yml'
+ - '**/management*.yml'
+ - '**/actuator*.yml'
+ - '**/application*.yaml'
+ - '**/management*.yaml'
+ - '**/actuator*.yaml'
 ## In case gitlab-advanced-sast already covers all the files that semgrep-sast would have scanned
 - if: '$CI_COMMIT_BRANCH &&
 $GITLAB_FEATURES =~ /\bsast_advanced\b/ &&
From 66475db496f2f72979f0febbd369f1450a7775fb Mon Sep 17 00:00:00 2001
From: Julian Thome
Date: Wed, 12 Mar 2025 10:44:14 +0100
Subject: [PATCH 2/4] Applying suggestions from VR

---
 templates/sast.yml | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/templates/sast.yml b/templates/sast.yml
index 154f816..557df93 100644
--- a/templates/sast.yml
+++ b/templates/sast.yml
@@ -158,9 +158,11 @@ semgrep-sast:
 - '**/application*.yml'
 - '**/management*.yml'
 - '**/actuator*.yml'
+ - '**/bootstrap*.yml'
 - '**/application*.yaml'
 - '**/management*.yaml'
 - '**/actuator*.yaml'
+ - '**/bootstrap*.yaml'
 ## In case gitlab-advanced-sast already covers all the files that semgrep-sast would have scanned
 - if: '$CI_COMMIT_BRANCH &&
 $GITLAB_FEATURES =~ /\bsast_advanced\b/ &&
From 20f386270aa0d88a5eebe1a6eaa7c0174328567a Mon Sep 17 00:00:00 2001
From: Julian Thome
Date: Mon, 17 Mar 2025 10:25:00 +0100
Subject: [PATCH 3/4] refined patterns

---
 templates/sast.yml | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/templates/sast.yml b/templates/sast.yml
index 557df93..3e28a7c 100644
--- a/templates/sast.yml
+++ b/templates/sast.yml
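Review bot: Swapping `'**/*.yml'`/`'**/*.yaml'` for the `application*`/`management*`/`actuator*` globs changes when the `semgrep-sast` job runs at all, not just what it scans, and nothing in the hunk records that intent; a project whose Spring configuration lives under a custom name (via `spring.config.name` or files pulled in through `spring.config.import`) silently stops triggering the job. I would put a comment above the new entries, `## Spring Boot config files only: generic *.yml/*.yaml no longer trigger this job`, so the narrowed gate reads as deliberate. Because the globs are anchored with `**/`, they still match test resources, fixtures and vendored samples with those prefixes anywhere in the tree, which is probably fine but belongs in the same comment if production config was the target. If I recall GitLab's documented cap on `exists` checks correctly, patterned globs always match once that cap is hit, so the narrowing has no effect in very large repositories. The `exists:` list being edited begins above the hunk.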
@@ -156,12 +156,8 @@ semgrep-sast:
 - '**/*.kt'
 - '**/*.properties'
 - '**/application*.yml'
- - '**/management*.yml'
- - '**/actuator*.yml'
 - '**/bootstrap*.yml'
 - '**/application*.yaml'
- - '**/management*.yaml'
- - '**/actuator*.yaml'
 - '**/bootstrap*.yaml'
 ## In case gitlab-advanced-sast already covers all the files that semgrep-sast would have scanned
 - if: '$CI_COMMIT_BRANCH &&
@@ -199,6 +195,10 @@ semgrep-sast:
 - '**/*.yml'
 - '**/*.yaml'
 - '**/*.properties'
+ - '**/application*.yml'
+ - '**/bootstrap*.yml'
+ - '**/application*.yaml'
+ - '**/bootstrap*.yaml'
 
 sobelow-sast:
 extends: .sast-analyzer
From 4ed00df0584b630b4d65180983ccb7b0dd816045 Mon Sep 17 00:00:00 2001
From: Julian Thome
Date: Mon, 17 Mar 2025 10:31:48 +0100
Subject: [PATCH 4/4] remove yml patterns

---
 templates/sast.yml | 2 --
 1 file changed, 2 deletions(-)

diff --git a/templates/sast.yml b/templates/sast.yml
index 3e28a7c..6dad115 100644
--- a/templates/sast.yml
+++ b/templates/sast.yml
@@ -192,8 +192,6 @@ semgrep-sast:
 - '**/*.kt'
 - '**/*.cjs'
 - '**/*.mjs'
- - '**/*.yml'
- - '**/*.yaml'
 - '**/*.properties'
 - '**/application*.yml'
 - '**/bootstrap*.yml'
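Review bot: The four Spring patterns added in the second hunk (`@@ -199,6 +195,10 @@`) duplicate the list kept in the first `exists:` block around line 156, and nothing ties the two together; they already drifted once in this series, since patch 2 added `bootstrap*` to the first list only. I would add `## Keep in sync with the exists list of the gitlab-advanced-sast overlap rule above` before the new entries, or, if this template already uses YAML anchors, define the Spring patterns once and reference them from both lists. Within this patch the generic `'**/*.yml'`/`'**/*.yaml'` entries still sit directly above the additions, making them redundant until patch 4 removes them, so squashing 3/4 and 4/4 would make the history easier to audit. The `rules:` entry that owns this list begins above the hunk, and `sobelow-sast:` continues below it.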