Merge branch 'iac-kics-sast' into 'main'

Added KICS IaC Scanner See merge request components/sast!23
cleanup
2025-06-30 07:28:29 +02:00 · 2025-05-28 08:31:20 -04:00 · 2025-05-28 08:31:14 -04:00 · 2025-05-28 08:02:21 -04:00 · 2025-05-28 07:59:28 -04:00 · 2025-04-29 17:28:17 +10:00
2 changed files with 16 additions and 12 deletions
--- a/README.md
+++ b/README.md
@ -1,5 +1,5 @@

-This project provides componnets for the use of Static Application Security Testing as well as Infrastructure as Code testing. 
+This project provides components for the use of Static Application Security Testing as well as Infrastructure as Code scanning. 

 [[_TOC_]]

@ -7,9 +7,9 @@ This project provides componnets for the use of Static Application Security Test

 ### Documentation References

-Configuration for SAST can be performed through CI/CD Variables (https://docs.gitlab.com/ee/ci/variables/index.html) or via the definition of Inputs (https://docs.gitlab.com/ci/inputs/). 
+Configuration for SAST can be performed through [CI/CD Variables](https://docs.gitlab.com/ee/ci/variables/index.html) or via the definition of [Inputs](https://docs.gitlab.com/ci/inputs/). 

-More information about GitLab SAST is available within GitLab documentation (https://docs.gitlab.com/ee/user/application_security/sast/), along with the available variables (https://docs.gitlab.com/ee/user/application_security/sast/index.html#available-cicd-variables).
+More information about GitLab SAST is available within [GitLab documentation](https://docs.gitlab.com/ee/user/application_security/sast/), along with the [available variables](https://docs.gitlab.com/ee/user/application_security/sast/index.html#available-cicd-variables).

 ### Usage

@ -18,7 +18,7 @@ keyword.

 ```yaml
 include:
-  - component: gitlab.com/components/sast/sast@<VERSION> # To include SAST Scanning
+  - component: gitlab.com/components/sast/sast@<VERSION>
 ```

 where `<VERSION>` is the latest released tag or `main`.
@ -57,9 +57,9 @@ This assumes `SAST_DISABLED` variable is already defined in `.gitlab-ci.yml` wit

 ### Documentation References

-Configuration for IaC scanning can be performed through CI/CD Variables (https://docs.gitlab.com/ee/ci/variables/index.html) or via the definition of Inputs (https://docs.gitlab.com/ci/inputs/). 
+Configuration for IaC scanning can be performed through [CI/CD Variables](https://docs.gitlab.com/ee/ci/variables/index.html) or via the definition of [Inputs](https://docs.gitlab.com/ci/inputs/). 

-More information about GitLab Infrastructure as Code scanning is available within GitLab documentation (https://docs.gitlab.com/user/application_security/iac_scanning/). 
+More information about GitLab Infrastructure as Code scanning is available within [GitLab documentation](https://docs.gitlab.com/user/application_security/iac_scanning/). 

 ### Usage

@ -68,7 +68,7 @@ keyword.

 ```yaml
 include:
-  - component: gitlab.com/components/sast/kics-iac-sast@<VERSION> # To include IaC Scanning
+  - component: gitlab.com/components/sast/iac-sast@<VERSION>
 ```

 where `<VERSION>` is the latest released tag or `main`.
@ -79,13 +79,11 @@ where `<VERSION>` is the latest released tag or `main`.
 | ----- | ------------- | ----------- | 
 | `stage` | `test`      | The stage where you want the job to be added | 
 | `image_prefix` | `$CI_TEMPLATE_REGISTRY_HOST/security-products` | Define where all Docker image are pulled from | 
-| `image_tag` | `4` | Tag of the Docker image to use | 
+| `image_tag` | `6` | Tag of the Docker image to use | 
 | `image_suffix` | `""` | Suffix added to image. |
 | `excluded_paths` | `"spec, test, tests, tmp"` | Comma separated list of paths to exclude |
 | `search_max_depth` | `4` | Defines how many directory levels the search for programming languages should span |

-
-
 ## Contribute

 Please read about CI/CD components and best practices at: https://docs.gitlab.com/ee/ci/components 
--- a/templates/sast.yml
+++ b/templates/sast.yml
@ -5,7 +5,7 @@ spec:
    image_prefix:
      default: "$CI_TEMPLATE_REGISTRY_HOST/security-products"
    image_tag:
-      default: '5'
+      default: '6'
    image_suffix:
      default: ""
    excluded_analyzers:
@ -53,8 +53,14 @@ gitlab-advanced-sast:
  image:
    name: "$[[ inputs.image_prefix ]]/gitlab-advanced-sast:${SAST_ANALYZER_IMAGE_TAG}$[[ inputs.image_suffix ]]"
  variables:
-    SAST_ANALYZER_IMAGE_TAG: 1
+    SAST_ANALYZER_IMAGE_TAG: 2
    SEARCH_MAX_DEPTH: 20
+  cache:
+    key: "scan-metrics-$CI_COMMIT_REF_SLUG"
+    fallback_keys:
+      - "scan-metrics-$CI_DEFAULT_BRANCH"
+    paths:
+      - "scan_metrics.csv"
  rules:
    - if: '"$[[ inputs.excluded_analyzers ]]" =~ /gitlab-advanced-sast/'
      when: never
Author	SHA1	Message	Date
Rob Jackson	80aeead68f	Merge branch 'iac-kics-sast' into 'main' Added KICS IaC Scanner See merge request components/sast!23	2025-05-28 08:31:20 -04:00
Rob Jackson	32b811c5ad	cleanup	2025-05-28 08:31:14 -04:00
Rob Jackson	04681f8725	additional markdown and cleanup	2025-05-28 08:02:21 -04:00
Rob Jackson	5ee8b4583a	incorporating suggestions for markdown links and nomenclature.	2025-05-28 07:59:28 -04:00
Hua Yan	5758da0696	Merge branch 'hyan/glas-multicore' into 'main' Support profiling via cache for GLAS multicore workload balancing See merge request components/sast!22	2025-04-29 17:28:17 +10:00
Thiago Figueiró	7f7984b96d	Merge branch 'hyan/sast-18.0' into 'main' Bump SAST analyser major version for 18.0 See merge request components/sast!24	2025-04-28 13:49:41 +10:00
hyan@gitlab.com	70e2583135	Bump analyser versions for 18.0	2025-04-28 13:30:50 +10:00
Hua Yan	8c5526b0f4	Set path as "scan_metrics.csv"	2025-04-23 13:01:09 +10:00
hyan@gitlab.com	4ea446f709	Improve cache	2025-04-08 10:57:15 +10:00
hyan@gitlab.com	c6ea9d4f34	Test GLAS multicore	2025-04-04 11:29:31 +11:00
hyan@gitlab.com	446d4146f5	Test GLAS multicore	2025-04-04 10:51:29 +11:00