Merge branch 'add-clangsa' into 'main'

Draft: Add clangsa analyzer See merge request components/sast!29
Add clangsa analyzer
2025-06-30 07:28:29 +02:00 · 2025-06-16 12:46:00 -04:00 · 2025-06-16 12:14:54 -04:00
1 changed files with 18 additions and 16 deletions
--- a/templates/sast.yml
+++ b/templates/sast.yml
@ -69,14 +69,6 @@ spec:

 .semgrep-with-advanced-sast-exist-rules:
  exists:
-    - '**/*.c'
-    - '**/*.cc'
-    - '**/*.cpp'
-    - '**/*.c++'
-    - '**/*.cp'
-    - '**/*.cxx'
-    - '**/*.h'
-    - '**/*.hpp'
    - '**/*.scala'
    - '**/*.sc'
    - '**/*.php'
@ -96,14 +88,6 @@ spec:
    - '**/*.jsx'
    - '**/*.ts'
    - '**/*.tsx'
-    - '**/*.c'
-    - '**/*.cc'
-    - '**/*.cpp'
-    - '**/*.c++'
-    - '**/*.cp'
-    - '**/*.cxx'
-    - '**/*.h'
-    - '**/*.hpp'
    - '**/*.go'
    - '**/*.java'
    - '**/*.cs'
@ -254,3 +238,21 @@ spotbugs-sast:
    - if: $CI_COMMIT_BRANCH
      exists:
        - '**/*.groovy'
+
+clangsa-sast:
+  extends: .sast-analyzer
+  image:
+    name: "$CI_TEMPLATE_REGISTRY_HOST/gitlab-org/security-products/analyzers/clangsa:0"
+  rules:
+    - if: '"$[[ inputs.excluded_analyzers ]]" =~ /clangsa/'
+      when: never
+    - if: $CI_COMMIT_BRANCH
+      exists:
+        - "**/*.c"
+        - "**/*.cc"
+        - "**/*.cpp"
+        - "**/*.c++"
+        - "**/*.cp"
+        - "**/*.cxx"
+        - "**/*.h"
+        - "**/*.hpp"
Author	SHA1	Message	Date
Jason Leasure	0cd55615a7	Merge branch 'add-clangsa' into 'main' Draft: Add clangsa analyzer See merge request components/sast!29	2025-06-16 12:46:00 -04:00
Jason Leasure	08cc6f7688	Add clangsa analyzer	2025-06-16 12:14:54 -04:00