From 618e68d9593a2a185e28b4cad7093f26e9d87b4e Mon Sep 17 00:00:00 2001
From: Fabio Pitino
Date: Wed, 3 May 2023 10:13:35 +0100
Subject: [PATCH] Add stage input and remove "sast" job
---
 README.md | 7 ++++++-
 template.yml | 31 ++++++++++++-------------------
 2 files changed, 18 insertions(+), 20 deletions(-)
diff --git a/README.md b/README.md
index f031b07..394818e 100644
--- a/README.md
+++ b/README.md
@@ -1 +1,6 @@
-## SAST (Static Application Security Testing)
\ No newline at end of file
+## SAST (Static Application Security Testing)
+
+Read more about this feature here: https://docs.gitlab.com/ee/user/application_security/sast/
+
+Configure SAST with CI/CD variables (https://docs.gitlab.com/ee/ci/variables/index.html).
+List of available variables: https://docs.gitlab.com/ee/user/application_security/sast/index.html#available-cicd-variables
\ No newline at end of file
diff --git a/template.yml b/template.yml
index 7b2e9e1..3b0fe3d 100644
--- a/template.yml
+++ b/template.yml
@@ -1,8 +1,9 @@
-# Read more about this feature here: https://docs.gitlab.com/ee/user/application_security/sast/
-#
-# Configure SAST with CI/CD variables (https://docs.gitlab.com/ee/ci/variables/index.html).
-# List of available variables: https://docs.gitlab.com/ee/user/application_security/sast/index.html#available-cicd-variables
-
+spec:
+ inputs:
+ stage:
+ default: test
+
+---
 variables:
 # Setting this variable will affect all Security templates
 # (SAST, Dependency Scanning, ...)
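Review bot: The new `stage` input in template.yml is undocumented, and this hunk also removes the header comments that pointed to the SAST documentation. The analyzer base job takes its stage from `$[[ inputs.stage ]]`, so a value the including pipeline does not declare under `stages:` would presumably invalidate the pipeline configuration, and a late stage would report findings only after the earlier stages have run. I would add a comment above `stage:`, for example `# Stage for all SAST analyzer jobs; must exist in the including pipeline's stages (default: test)`.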
@@ -13,26 +14,18 @@ variables:
 SAST_EXCLUDED_PATHS: "spec, test, tests, tmp"
 SCAN_KUBERNETES_MANIFESTS: "false"

-sast:
- stage: test
- artifacts:
- reports:
- sast: gl-sast-report.json
- rules:
- - when: never
- variables:
- SEARCH_MAX_DEPTH: 4
- script:
- - echo "$CI_JOB_NAME is used for configuration only, and its script should not be executed"
- - exit 1
-
 .sast-analyzer:
- extends: sast
+ stage: $[[ inputs.stage ]]
 allow_failure: true
 # `rules` must be overridden explicitly by each child job
 # see https://gitlab.com/gitlab-org/gitlab/-/issues/218444
+ variables:
+ SEARCH_MAX_DEPTH: 4
 script:
 - /analyzer run
+ artifacts:
+ reports:
+ sast: gl-sast-report.json

 bandit-sast:
 extends: .sast-analyzer
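Review bot: With the `sast` job removed, `.sast-analyzer` no longer inherits `rules:` / `- when: never`, so a child job that omits its own `rules` would now run in every pipeline instead of never, and the retained comment about `rules` being overridden by each child job no longer describes an inherited default. If the fail-safe default is still wanted, keep `rules:` and `- when: never` directly on `.sast-analyzer`; otherwise reword the comment to say that a child without `rules` always runs. Projects that customised the scan by overriding the `sast` job (its stage or variables) also lose that hook, which looks like a breaking change worth stating in the README. The child jobs start at `bandit-sast` and continue outside the hunk, so whether each one defines `rules` cannot be checked here.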