vor/sast
1
0
Fork 0
mirror of https://gitlab.com/components/sast.git synced 2025-06-30 15:38:29 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions

Replace var to run kubesec-sast job with input

Browse source
This commit is contained in:
Fabio Pitino 2023-05-03 10:47:29 +01:00
parent 8956444fcb
commit a2e96cb379
2 changed files with 4 additions and 2 deletions
Download patch file Download diff file Expand all files Collapse all files

1
README.md
View file

@ -25,3 +25,4 @@ where `<VERSION>` is the latest released tag or `main`.
| `image_prefix` | `$CI_TEMPLATE_REGISTRY_HOST/security-products` | Define where all Docker image are pulled from | | `image_prefix` | `$CI_TEMPLATE_REGISTRY_HOST/security-products` | Define where all Docker image are pulled from |
| `image_suffix` | `""` | Used by `semgrep-sast` job only | | `image_suffix` | `""` | Used by `semgrep-sast` job only |
| `excluded_analyzers` | `""` | Comma separated list of analyzers that should not run | | `excluded_analyzers` | `""` | Comma separated list of analyzers that should not run |
| `run_kubesec_sast` | `"false"` | Set it to `"true"` to run `kubesec-sast` job |

5
template.yml
View file

@ -8,6 +8,8 @@ spec:
default: "" default: ""
excluded_analyzers: excluded_analyzers:
default: "" default: ""
run_kubesec_sast:
default: 'false'
--- ---
.sast-analyzer: .sast-analyzer:
@ -75,8 +77,7 @@ kubesec-sast:
when: never when: never
- if: '"$[[ inputs.excluded_analyzers ]]" =~ /kubesec/' - if: '"$[[ inputs.excluded_analyzers ]]" =~ /kubesec/'
when: never when: never
- if: $CI_COMMIT_BRANCH && - if: '$CI_COMMIT_BRANCH && "$[[ inputs.run_kubesec_sast ]]" == "true"'
$SCAN_KUBERNETES_MANIFESTS == 'true'
.mobsf-sast: .mobsf-sast:
extends: .sast-analyzer extends: .sast-analyzer