vor/sast
1
0
Fork 0
mirror of https://gitlab.com/components/sast.git synced 2025-07-03 00:38:29 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions

Compare commits

base: vor:35ed5fdf3f5c19af8e09ae2de68c623b630b3e5c
Branches Tags
vor:main
vor:add-clangsa
vor:remove-inputs-from-readme
vor:514659-enable-gitlab-advanced-sast-by-default
vor:advanced-sast
vor:3.0.0
vor:2.1.0
vor:2.0.2
vor:2.0.1
vor:2.0.0
vor:1.1.2
vor:1.1.1
vor:1.1.0
vor:1.0.1
vor:1.0
vor:0.1
..
compare: vor:0e912847b690667b56fceade7d7e8ba0de8601f9
Branches Tags
vor:add-clangsa
vor:main
vor:remove-inputs-from-readme
vor:514659-enable-gitlab-advanced-sast-by-default
vor:advanced-sast
vor:3.0.0
vor:2.1.0
vor:2.0.2
vor:2.0.1
vor:2.0.0
vor:1.1.2
vor:1.1.1
vor:1.1.0
vor:1.0.1
vor:1.0
vor:0.1

4 commits
35ed5fdf3f ... 0e912847b6

Author SHA1 Message Date
Rob Jackson
0e912847b6 Merge branch 'iac-kics-sast' into 'main' 
Added KICS IaC Scanner

See merge request components/sast!23
 2025-05-27 08:00:29 -04:00
Rob Jackson
81caeb7959 fix typo 2025-05-26 12:54:10 -04:00
Rob Jackson
77c1b82128 another table format 2025-05-26 12:53:30 -04:00
Rob Jackson
fc17b60e0e fixing checkboxes in table 2025-05-26 12:50:52 -04:00
1 changed files with 10 additions and 10 deletions
Download patch file Download diff file Expand all files Collapse all files

20
README.md
View file

@ -39,16 +39,16 @@ This assumes `SAST_DISABLED` variable is already defined in `.gitlab-ci.yml` wit
| Input | Default value | Description | SAST | IaC |
| ----- | ------------- | ----------- | ---- | --- |
| `stage` | `test` | The stage where you want the job to be added | {{< icon name="check-circle" >}} Yes | {{< icon name="check-circle" >}} Yes |
| `image_prefix` | `$CI_TEMPLATE_REGISTRY_HOST/security-products` | Define where all Docker image are pulled from | {{< icon name="check-circle" >}} Yes | {{< icon name="check-circle" >}} Yes |
| `image_tag` | `4` | Tag of the Docker image to use | {{< icon name="check-circle" >}} Yes | {{< icon name="check-circle" >}} Yes |
| `image_suffix` | `""` | Suffix added to image. If set to `-fips`, [`FIPS-enabled` images](https://docs.gitlab.com/ee/user/application_security/sast/#fips-enabled-images) are used for scan. Only used by `semgrep` analyzer | {{< icon name="check-circle" >}} Yes | {{< icon name="check-circle" >}} Yes, no FIPS support for IaC |
| `excluded_analyzers` | `""` | Comma separated list of analyzers that should not run | {{< icon name="check-circle" >}} Yes | {{< icon name="dotted-circle" >}} No |
| `excluded_paths` | `"spec, test, tests, tmp"` | Comma separated list of paths to exclude | {{< icon name="check-circle" >}} Yes | {{< icon name="check-circle" >}} Yes |
| `search_max_depth` | `4` | Defines how many directory levels the search for programming languages should span | {{< icon name="check-circle" >}} Yes | {{< icon name="check-circle" >}} Yes |
| `run_kubesec_sast` | `"false"` | Set it to `"true"` to run `kubesec-sast` job | {{< icon name="check-circle" >}} Yes | {{< icon name="dotted-circle" >}} No |
| `run_advanced_sast` | `false` | Set it to `true` to enable [GitLab Advanced SAST](https://docs.gitlab.com/ee/user/application_security/sast/gitlab_advanced_sast.html) | {{< icon name="check-circle" >}} Yes | {{< icon name="dotted-circle" >}} No |
| `include_experimental` | `"false"` | Set it to `"true"` to enable [experimental analyzers](https://docs.gitlab.com/ee/user/application_security/sast/#experimental-features) | {{< icon name="check-circle" >}} Yes | {{< icon name="dotted-circle" >}} No |
| `stage` | `test` | The stage where you want the job to be added | :white_check_mark: Yes | :white_check_mark: Yes |
| `image_prefix` | `$CI_TEMPLATE_REGISTRY_HOST/security-products` | Define where all Docker image are pulled from | :white_check_mark: Yes | :white_check_mark: Yes |
| `image_tag` | `4` | Tag of the Docker image to use | :white_check_mark: Yes | :white_check_mark: Yes |
| `image_suffix` | `""` | Suffix added to image. If set to `-fips`, [`FIPS-enabled` images](https://docs.gitlab.com/ee/user/application_security/sast/#fips-enabled-images) are used for scan. Only used by `semgrep` analyzer | :white_check_mark: Yes | :white_check_mark: Yes, no FIPS support for IaC |
| `excluded_analyzers` | `""` | Comma separated list of analyzers that should not run | :white_check_mark: Yes | :x: No |
| `excluded_paths` | `"spec, test, tests, tmp"` | Comma separated list of paths to exclude | :white_check_mark: Yes | :white_check_mark: Yes |
| `search_max_depth` | `4` | Defines how many directory levels the search for programming languages should span | :white_check_mark: Yes | :white_check_mark: Yes |
| `run_kubesec_sast` | `"false"` | Set it to `"true"` to run `kubesec-sast` job | :white_check_mark: Yes | :x: No |
| `run_advanced_sast` | `false` | Set it to `true` to enable [GitLab Advanced SAST](https://docs.gitlab.com/ee/user/application_security/sast/gitlab_advanced_sast.html) | :white_check_mark: Yes | :x: No |
| `include_experimental` | `"false"` | Set it to `"true"` to enable [experimental analyzers](https://docs.gitlab.com/ee/user/application_security/sast/#experimental-features) | :white_check_mark: Yes | :x: No |
## Contribute