Merge branch 'add-clangsa' into 'main'

Draft: Add clangsa analyzer

See merge request components/sast!29
Jason Leasure 2025-06-17 08:55:07 -04:00
commit 7ca5ca1f13


@ -69,14 +69,6 @@ spec:
.semgrep-with-advanced-sast-exist-rules: .semgrep-with-advanced-sast-exist-rules:
exists: exists:
- '**/*.c'
- '**/*.cc'
- '**/*.cpp'
- '**/*.c++'
- '**/*.cp'
- '**/*.cxx'
- '**/*.h'
- '**/*.hpp'
- '**/*.scala' - '**/*.scala'
- '**/*.sc' - '**/*.sc'
- '**/*.php' - '**/*.php'
@ -96,14 +88,6 @@ spec:
- '**/*.jsx' - '**/*.jsx'
- '**/*.ts' - '**/*.ts'
- '**/*.tsx' - '**/*.tsx'
- '**/*.c'
- '**/*.cc'
- '**/*.cpp'
- '**/*.c++'
- '**/*.cp'
- '**/*.cxx'
- '**/*.h'
- '**/*.hpp'
- '**/*.go' - '**/*.go'
- '**/*.java' - '**/*.java'
- '**/*.cs' - '**/*.cs'
@ -254,3 +238,25 @@ spotbugs-sast:
- if: $CI_COMMIT_BRANCH - if: $CI_COMMIT_BRANCH
exists: exists:
- '**/*.groovy' - '**/*.groovy'
clangsa-sast:
extends: .sast-analyzer
image:
name: "$CI_TEMPLATE_REGISTRY_HOST/gitlab-org/security-products/analyzers/clangsa:0"
script: |-
# until https://gitlab.com/gitlab-org/gitlab/-/issues/549837, prevent sast_fp_reduction
export GITLAB_FEATURES=$(echo "$GITLAB_FEATURES" | sed 's/\bsast_fp_reduction\b//g' | sed 's/,,/,/g' | sed 's/^,//g' | sed 's/,$//g')
/analyzer run
rules:
- if: '"$[[ inputs.excluded_analyzers ]]" =~ /clangsa/'
when: never
- if: $CI_COMMIT_BRANCH
exists:
- "**/*.c"
- "**/*.cc"
- "**/*.cpp"
- "**/*.c++"
- "**/*.cp"
- "**/*.cxx"
- "**/*.h"
- "**/*.hpp"
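Review bot: The `sed` chain in the new `clangsa-sast` script depends on `\b` word-boundary matching, which is a GNU sed extension, so if the clangsa image ships a BusyBox or BSD sed the `sast_fp_reduction` token stays in `GITLAB_FEATURES` and the workaround silently does nothing; a portable form strips it as a comma-delimited token, e.g. `export GITLAB_FEATURES=$(echo ",$GITLAB_FEATURES," | sed 's/,sast_fp_reduction,/,/g; s/^,//; s/,$//')`. Which sed the image provides cannot be confirmed from this page. Separately, the new `exists:` patterns use double quotes while the rest of the file (the `.groovy`, `.scala` and `.php` entries above) uses single quotes, so `- '**/*.c'` would match the file's existing style. The `script:` key also replaces whatever `.sast-analyzer` runs before `/analyzer run`; if that template carries additional setup steps they are dropped here, which is worth stating in the comment next to the issue link so the override is removed together with the workaround.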