vor/sast
1
0
Fork 0
mirror of https://gitlab.com/components/sast.git synced 2025-07-01 07:48:28 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions

Compare commits

base: vor:9e2d2f3af1f9f56b85e2ecacc22368b0fcb9fb0a
Branches Tags
vor:main
vor:add-clangsa
vor:remove-inputs-from-readme
vor:514659-enable-gitlab-advanced-sast-by-default
vor:advanced-sast
vor:3.0.0
vor:2.1.0
vor:2.0.2
vor:2.0.1
vor:2.0.0
vor:1.1.2
vor:1.1.1
vor:1.1.0
vor:1.0.1
vor:1.0
vor:0.1
...
compare: vor:e0d30c4a71f9b546f138f1cf5c3fd9dc57a00d37
Branches Tags
vor:add-clangsa
vor:main
vor:remove-inputs-from-readme
vor:514659-enable-gitlab-advanced-sast-by-default
vor:advanced-sast
vor:3.0.0
vor:2.1.0
vor:2.0.2
vor:2.0.1
vor:2.0.0
vor:1.1.2
vor:1.1.1
vor:1.1.0
vor:1.0.1
vor:1.0
vor:0.1

9 commits
9e2d2f3af1 ... e0d30c4a71

Author SHA1 Message Date
Philip Cunningham
e0d30c4a71
Enable GLAS PHP Support FF by default 2025-05-22 11:41:23 +01:00
Philip Cunningham
ccd33f9a02
Add PHP language support to gitlab-advanced-sast 2025-05-22 11:39:39 +01:00
Hua Yan
5758da0696 Merge branch 'hyan/glas-multicore' into 'main' 
Support profiling via cache for GLAS multicore workload balancing

See merge request components/sast!22
 2025-04-29 17:28:17 +10:00
Thiago Figueiró
7f7984b96d Merge branch 'hyan/sast-18.0' into 'main' 
Bump SAST analyser major version for 18.0

See merge request components/sast!24
 2025-04-28 13:49:41 +10:00
hyan@gitlab.com
70e2583135 Bump analyser versions for 18.0 2025-04-28 13:30:50 +10:00
Hua Yan
8c5526b0f4 Set path as "scan_metrics.csv" 2025-04-23 13:01:09 +10:00
hyan@gitlab.com
4ea446f709 Improve cache 2025-04-08 10:57:15 +10:00
hyan@gitlab.com
c6ea9d4f34 Test GLAS multicore 2025-04-04 11:29:31 +11:00
hyan@gitlab.com
446d4146f5 Test GLAS multicore 2025-04-04 10:51:29 +11:00
1 changed files with 12 additions and 4 deletions
Download patch file Download diff file Expand all files Collapse all files

16
templates/sast.yml
View file

@ -5,7 +5,7 @@ spec:
image_prefix: image_prefix:
default: "$CI_TEMPLATE_REGISTRY_HOST/security-products" default: "$CI_TEMPLATE_REGISTRY_HOST/security-products"
image_tag: image_tag:
default: '5' default: '6'
image_suffix: image_suffix:
default: "" default: ""
excluded_analyzers: excluded_analyzers:
@ -53,8 +53,15 @@ gitlab-advanced-sast:
image: image:
name: "$[[ inputs.image_prefix ]]/gitlab-advanced-sast:${SAST_ANALYZER_IMAGE_TAG}$[[ inputs.image_suffix ]]" name: "$[[ inputs.image_prefix ]]/gitlab-advanced-sast:${SAST_ANALYZER_IMAGE_TAG}$[[ inputs.image_suffix ]]"
variables: variables:
SAST_ANALYZER_IMAGE_TAG: 1 FF_GLAS_ENABLE_PHP_SUPPORT: 'true'
SAST_ANALYZER_IMAGE_TAG: 2
SEARCH_MAX_DEPTH: 20 SEARCH_MAX_DEPTH: 20
cache:
key: "scan-metrics-$CI_COMMIT_REF_SLUG"
fallback_keys:
- "scan-metrics-$CI_DEFAULT_BRANCH"
paths:
- "scan_metrics.csv"
rules: rules:
- if: '"$[[ inputs.excluded_analyzers ]]" =~ /gitlab-advanced-sast/' - if: '"$[[ inputs.excluded_analyzers ]]" =~ /gitlab-advanced-sast/'
when: never when: never
@ -75,6 +82,7 @@ gitlab-advanced-sast:
- '**/*.mjs' - '**/*.mjs'
- '**/*.cs' - '**/*.cs'
- '**/*.rb' - '**/*.rb'
- '**/*.php'
brakeman-sast: brakeman-sast:
extends: .deprecated-16.8 extends: .deprecated-16.8
@ -138,7 +146,7 @@ semgrep-sast:
"$[[ inputs.excluded_analyzers ]]" !~ /gitlab-advanced-sast/ && "$[[ inputs.excluded_analyzers ]]" !~ /gitlab-advanced-sast/ &&
"$[[ inputs.run_advanced_sast ]]" == "true"' "$[[ inputs.run_advanced_sast ]]" == "true"'
variables: variables:
SAST_EXCLUDED_PATHS: "$DEFAULT_SAST_EXCLUDED_PATHS, **/*.py, **/*.go, **/*.java, **/*.js, **/*.jsx, **/*.ts, **/*.tsx, **/*.cjs, **/*.mjs, **/*.cs, **/*.rb" SAST_EXCLUDED_PATHS: "$DEFAULT_SAST_EXCLUDED_PATHS, **/*.py, **/*.go, **/*.java, **/*.js, **/*.jsx, **/*.ts, **/*.tsx, **/*.cjs, **/*.mjs, **/*.cs, **/*.rb, **/*.php"
exists: exists:
- '**/*.c' - '**/*.c'
- '**/*.cc' - '**/*.cc'
@ -197,7 +205,7 @@ semgrep-sast:
- '**/bootstrap*.yml' - '**/bootstrap*.yml'
- '**/application*.yaml' - '**/application*.yaml'
- '**/bootstrap*.yaml' - '**/bootstrap*.yaml'
sobelow-sast: sobelow-sast:
extends: .sast-analyzer extends: .sast-analyzer
image: image: