mirror of
https://gitlab.com/components/sast.git
synced 2025-06-30 07:28:29 +02:00
Compare commits
11 commits
35ed5fdf3f
...
0e912847b6
| Author | SHA1 | Date | |
|---|---|---|---|
|
0e912847b6 | ||
|
|
81caeb7959 | ||
|
|
77c1b82128 | ||
|
|
fc17b60e0e | ||
|
5758da0696 | ||
|
7f7984b96d | ||
|
|
70e2583135 | ||
|
|
8c5526b0f4 | ||
|
|
4ea446f709 | ||
|
|
c6ea9d4f34 | ||
|
|
446d4146f5 |
2 changed files with 18 additions and 12 deletions
20
README.md
20
README.md
|
|
@ -39,16 +39,16 @@ This assumes `SAST_DISABLED` variable is already defined in `.gitlab-ci.yml` wit
|
|||
|
||||
| Input | Default value | Description | SAST | IaC |
|
||||
| ----- | ------------- | ----------- | ---- | --- |
|
||||
| `stage` | `test` | The stage where you want the job to be added | {{< icon name="check-circle" >}} Yes | {{< icon name="check-circle" >}} Yes |
|
||||
| `image_prefix` | `$CI_TEMPLATE_REGISTRY_HOST/security-products` | Define where all Docker image are pulled from | {{< icon name="check-circle" >}} Yes | {{< icon name="check-circle" >}} Yes |
|
||||
| `image_tag` | `4` | Tag of the Docker image to use | {{< icon name="check-circle" >}} Yes | {{< icon name="check-circle" >}} Yes |
|
||||
| `image_suffix` | `""` | Suffix added to image. If set to `-fips`, [`FIPS-enabled` images](https://docs.gitlab.com/ee/user/application_security/sast/#fips-enabled-images) are used for scan. Only used by `semgrep` analyzer | {{< icon name="check-circle" >}} Yes | {{< icon name="check-circle" >}} Yes, no FIPS support for IaC |
|
||||
| `excluded_analyzers` | `""` | Comma separated list of analyzers that should not run | {{< icon name="check-circle" >}} Yes | {{< icon name="dotted-circle" >}} No |
|
||||
| `excluded_paths` | `"spec, test, tests, tmp"` | Comma separated list of paths to exclude | {{< icon name="check-circle" >}} Yes | {{< icon name="check-circle" >}} Yes |
|
||||
| `search_max_depth` | `4` | Defines how many directory levels the search for programming languages should span | {{< icon name="check-circle" >}} Yes | {{< icon name="check-circle" >}} Yes |
|
||||
| `run_kubesec_sast` | `"false"` | Set it to `"true"` to run `kubesec-sast` job | {{< icon name="check-circle" >}} Yes | {{< icon name="dotted-circle" >}} No |
|
||||
| `run_advanced_sast` | `false` | Set it to `true` to enable [GitLab Advanced SAST](https://docs.gitlab.com/ee/user/application_security/sast/gitlab_advanced_sast.html) | {{< icon name="check-circle" >}} Yes | {{< icon name="dotted-circle" >}} No |
|
||||
| `include_experimental` | `"false"` | Set it to `"true"` to enable [experimental analyzers](https://docs.gitlab.com/ee/user/application_security/sast/#experimental-features) | {{< icon name="check-circle" >}} Yes | {{< icon name="dotted-circle" >}} No |
|
||||
| `stage` | `test` | The stage where you want the job to be added | :white_check_mark: Yes | :white_check_mark: Yes |
|
||||
| `image_prefix` | `$CI_TEMPLATE_REGISTRY_HOST/security-products` | Define where all Docker image are pulled from | :white_check_mark: Yes | :white_check_mark: Yes |
|
||||
| `image_tag` | `4` | Tag of the Docker image to use | :white_check_mark: Yes | :white_check_mark: Yes |
|
||||
| `image_suffix` | `""` | Suffix added to image. If set to `-fips`, [`FIPS-enabled` images](https://docs.gitlab.com/ee/user/application_security/sast/#fips-enabled-images) are used for scan. Only used by `semgrep` analyzer | :white_check_mark: Yes | :white_check_mark: Yes, no FIPS support for IaC |
|
||||
| `excluded_analyzers` | `""` | Comma separated list of analyzers that should not run | :white_check_mark: Yes | :x: No |
|
||||
| `excluded_paths` | `"spec, test, tests, tmp"` | Comma separated list of paths to exclude | :white_check_mark: Yes | :white_check_mark: Yes |
|
||||
| `search_max_depth` | `4` | Defines how many directory levels the search for programming languages should span | :white_check_mark: Yes | :white_check_mark: Yes |
|
||||
| `run_kubesec_sast` | `"false"` | Set it to `"true"` to run `kubesec-sast` job | :white_check_mark: Yes | :x: No |
|
||||
| `run_advanced_sast` | `false` | Set it to `true` to enable [GitLab Advanced SAST](https://docs.gitlab.com/ee/user/application_security/sast/gitlab_advanced_sast.html) | :white_check_mark: Yes | :x: No |
|
||||
| `include_experimental` | `"false"` | Set it to `"true"` to enable [experimental analyzers](https://docs.gitlab.com/ee/user/application_security/sast/#experimental-features) | :white_check_mark: Yes | :x: No |
|
||||
|
||||
## Contribute
|
||||
|
||||
|
|
|
|||
|
|
@ -5,7 +5,7 @@ spec:
|
|||
image_prefix:
|
||||
default: "$CI_TEMPLATE_REGISTRY_HOST/security-products"
|
||||
image_tag:
|
||||
default: '5'
|
||||
default: '6'
|
||||
image_suffix:
|
||||
default: ""
|
||||
excluded_analyzers:
|
||||
|
|
@ -53,8 +53,14 @@ gitlab-advanced-sast:
|
|||
image:
|
||||
name: "$[[ inputs.image_prefix ]]/gitlab-advanced-sast:${SAST_ANALYZER_IMAGE_TAG}$[[ inputs.image_suffix ]]"
|
||||
variables:
|
||||
SAST_ANALYZER_IMAGE_TAG: 1
|
||||
SAST_ANALYZER_IMAGE_TAG: 2
|
||||
SEARCH_MAX_DEPTH: 20
|
||||
cache:
|
||||
key: "scan-metrics-$CI_COMMIT_REF_SLUG"
|
||||
fallback_keys:
|
||||
- "scan-metrics-$CI_DEFAULT_BRANCH"
|
||||
paths:
|
||||
- "scan_metrics.csv"
|
||||
rules:
|
||||
- if: '"$[[ inputs.excluded_analyzers ]]" =~ /gitlab-advanced-sast/'
|
||||
when: never
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue