Merge branch 'philipcunningham-make-php-support-available-in-glas-523657' into 'main'

Add PHP language support to gitlab-advanced-sast

See merge request components/sast!21

README.md

@@ -1,17 +1,11 @@
+# SAST (Static Application Security Testing)
 
-This project provides components for the use of Static Application Security Testing as well as Infrastructure as Code scanning. 
+Read more about this feature here: https://docs.gitlab.com/ee/user/application_security/sast/
 
-[[_TOC_]]
+Configure SAST with CI/CD variables (https://docs.gitlab.com/ee/ci/variables/index.html).
+List of available variables: https://docs.gitlab.com/ee/user/application_security/sast/index.html#available-cicd-variables
 
-## Static Application Security Testing (SAST)
+## Usage
-
-### Documentation References
-
-Configuration for SAST can be performed through [CI/CD Variables](https://docs.gitlab.com/ee/ci/variables/index.html) or via the definition of [Inputs](https://docs.gitlab.com/ci/inputs/). 
-
-More information about GitLab SAST is available within [GitLab documentation](https://docs.gitlab.com/ee/user/application_security/sast/), along with the [available variables](https://docs.gitlab.com/ee/user/application_security/sast/index.html#available-cicd-variables).
-
-### Usage
 
 You should add this component to an existing `.gitlab-ci.yml` file by using the `include:`
 keyword.
@@ -51,39 +45,9 @@ This assumes `SAST_DISABLED` variable is already defined in `.gitlab-ci.yml` wit
 | `search_max_depth` | `4` | Defines how many directory levels the search for programming languages should span |
 | `run_kubesec_sast` | `"false"` | Set it to `"true"` to run `kubesec-sast` job  |
 | `run_advanced_sast` | `false` | Set it to `true` to enable [GitLab Advanced SAST](https://docs.gitlab.com/ee/user/application_security/sast/gitlab_advanced_sast.html) |
+| `include_experimental` | `"false"` | Set it to `"true"` to enable [experimental analyzers](https://docs.gitlab.com/ee/user/application_security/sast/#experimental-features) |
 | `ff_glas_enable_php_support` | `"true"` | Set it to `"false"` to disable [PHP support for GLAS](https://gitlab.com/groups/gitlab-org/-/epics/14273) |
 
-## Infrastructure as Code (IaC) Scanning
-
-### Documentation References
-
-Configuration for IaC scanning can be performed through [CI/CD Variables](https://docs.gitlab.com/ee/ci/variables/index.html) or via the definition of [Inputs](https://docs.gitlab.com/ci/inputs/). 
-
-More information about GitLab Infrastructure as Code scanning is available within [GitLab documentation](https://docs.gitlab.com/user/application_security/iac_scanning/). 
-
-### Usage
-
-You should add this component to an existing `.gitlab-ci.yml` file by using the `include:`
-keyword.
-
-```yaml
-include:
-  - component: gitlab.com/components/sast/iac-sast@<VERSION>
-```
-
-where `<VERSION>` is the latest released tag or `main`.
-
-### Inputs
-
-| Input | Default value | Description |
-| ----- | ------------- | ----------- | 
-| `stage` | `test`      | The stage where you want the job to be added | 
-| `image_prefix` | `$CI_TEMPLATE_REGISTRY_HOST/security-products` | Define where all Docker image are pulled from | 
-| `image_tag` | `6` | Tag of the Docker image to use | 
-| `image_suffix` | `""` | Suffix added to image. |
-| `excluded_paths` | `"spec, test, tests, tmp"` | Comma separated list of paths to exclude |
-| `search_max_depth` | `4` | Defines how many directory levels the search for programming languages should span |
-
 ## Contribute
 
 Please read about CI/CD components and best practices at: https://docs.gitlab.com/ee/ci/components 

templates/iac-sast.yml

@@ -1,38 +0,0 @@
-# Component created based on GitLab's IAC SAST Scanning template
-# Read more about this feature here: https://docs.gitlab.com/ee/user/application_security/iac_scanning/
-
-spec:
-    inputs:
-        stage:
-            default: test
-        excluded_paths:
-            default: "spec, test, tests, tmp"
-        excluded_analyzers:
-            default: ""
-        image_prefix:
-            default: "$CI_TEMPLATE_REGISTRY_HOST/security-products"
-        image_suffix:
-            dafault: ""
-        search_max_depth:
-            default: 4
-        image_tag:
-            default: 6
-
----
-kics-iac-sast:
-  stage: $[[ inputs.stage ]]
-  image:
-    name: "$[[ inputs.image_prefix ]]/kics:$[[ inputs.image_tag ]]$[[ inputs.image_suffix ]]"
-  variables:
-    SEARCH_MAX_DEPTH: $[[ inputs.search_max_depth ]]
-  script:
-    - /analyzer run
-  artifacts:
-    access: 'developer'
-    reports:
-      sast: gl-sast-report.json
-  allow_failure: true
-  rules:
-    - if: $[[ inputs.excluded_analyzers ]] =~ /kics/
-      when: never
-    - if: $CI_COMMIT_BRANCH