From 2a492122e246b890b4ec07988800a55acffc4055 Mon Sep 17 00:00:00 2001
From: Rob Jackson
Date: Tue, 20 May 2025 22:03:35 -0400
Subject: [PATCH 1/3] Apply 1 suggestion(s) to 1 file(s)
Co-authored-by: Adam Cohen
---
 templates/iac-kics-sast.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/templates/iac-kics-sast.yml b/templates/iac-kics-sast.yml
index 3835b33..a07a2a8 100644
--- a/templates/iac-kics-sast.yml
+++ b/templates/iac-kics-sast.yml
@@ -9,7 +9,7 @@ spec:
 default: "spec, test, tests, tmp"
 excluded_analyzers:
 default: ""
- analyzer_image:
+ image_prefix:
 default: "$CI_TEMPLATE_REGISTRY_HOST/security-products"
 search_max_depth:
 default: 4
From cf87e0da3836769907be5418e450652f382849a7 Mon Sep 17 00:00:00 2001
From: Rob Jackson
Date: Tue, 20 May 2025 22:04:22 -0400
Subject: [PATCH 2/3] Apply 1 suggestion(s) to 1 file(s)
Co-authored-by: Adam Cohen
---
 templates/iac-kics-sast.yml | 21 +++++++--------------
 1 file changed, 7 insertions(+), 14 deletions(-)
diff --git a/templates/iac-kics-sast.yml b/templates/iac-kics-sast.yml
index a07a2a8..45302c6 100644
--- a/templates/iac-kics-sast.yml
+++ b/templates/iac-kics-sast.yml
@@ -17,26 +17,19 @@ spec:
 default: 6
 ---
-iac-sast:
+kics-iac-sast:
 stage: $[[ inputs.stage ]]
+ image:
+ name: "$[[ inputs.image_prefix ]]/kics:$[[ inputs.image_tag ]]$[[ inputs.image_suffix ]]"
+ variables:
+ SEARCH_MAX_DEPTH: $[[ inputs.search_max_depth ]]
+ script:
+ - /analyzer run
 artifacts:
 access: 'developer'
 reports:
 sast: gl-sast-report.json
- rules:
- - when: never
- # `rules` must be overridden explicitly by each child job
- # see https://gitlab.com/gitlab-org/gitlab/-/issues/218444
- variables:
- SEARCH_MAX_DEPTH: $[[ inputs.search_max_depth ]]
 allow_failure: true
- script:
- - /analyzer run
-
-kics-iac-sast:
- extends: iac-sast
- image:
- name: "$[[ inputs.analyzer_image ]]/kics:$[[ inputs.image_tag ]]"
 rules:
 - if: $SAST_DISABLED == 'true' || $SAST_DISABLED == '1'
 when: never
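Review bot: The new `image.name` line in PATCH 2/3 assembles the analyzer reference from three includer-supplied inputs (`image_prefix`, `image_tag`, `image_suffix`), and nothing next to it states the resulting shape or that the default tag appears to be the bare major version `6`, which is a floating tag rather than a digest. A comment above `image:` would make that assumption explicit for anyone auditing which scanner image a pipeline actually ran, e.g. `# resolves to <image_prefix>/kics:<image_tag><image_suffix>; the tag is mutable, so the analyzer image can change between runs`. `image_suffix` is also not among the spec inputs visible in this series until PATCH 3/3, so this commit may not validate on its own. The job body appears to continue past the end of the hunk (the `rules:` list).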
From 40ec68512df97291991e97e5dcf304accb78387f Mon Sep 17 00:00:00 2001
From: Rob Jackson
Date: Tue, 20 May 2025 22:10:19 -0400
Subject: [PATCH 3/3] adding image suffix to keep inputs whole
---
 templates/iac-kics-sast.yml | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/templates/iac-kics-sast.yml b/templates/iac-kics-sast.yml
index 45302c6..ff6e530 100644
--- a/templates/iac-kics-sast.yml
+++ b/templates/iac-kics-sast.yml
@@ -11,6 +11,8 @@ spec:
 default: ""
 image_prefix:
 default: "$CI_TEMPLATE_REGISTRY_HOST/security-products"
+ image_suffix:
+ dafault: ""
 search_max_depth:
 default: 4
 image_tag:
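Review bot: The added `image_suffix` input spells its default key as `dafault`, so the input ends up with no `default` at all. Depending on how GitLab validates the spec, that either fails as an unknown key or makes `image_suffix` a required input; in both cases a project that includes this template without passing it would get a pipeline error or no KICS scan instead of an empty suffix. The line should read `default: ""`. Because the value is spliced directly into the `image.name` reference built in PATCH 2/3, a `description:` on the input stating which suffixes are expected would also help includers.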