From 88139ed5694fae2326d456a4ca1739835135250c Mon Sep 17 00:00:00 2001
From: Julian Thome
Date: Mon, 2 Jun 2025 10:31:09 +0200
Subject: [PATCH] Apply 2 suggestion(s) to 1 file(s)
Co-authored-by: Adam Cohen
---
 templates/sast.yml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/templates/sast.yml b/templates/sast.yml
index 2a6aa12..64e7743 100644
--- a/templates/sast.yml
+++ b/templates/sast.yml
@@ -201,7 +201,7 @@ semgrep-sast:
 rules:
 - if: '"$[[ inputs.excluded_analyzers ]]" =~ /semgrep/'
 when: never
- # When advanced SAST runs with PHP support enabled
+ # When gitlab-advanced-sast runs with PHP support enabled, exclude the `*.php` extension, as well as other files already scanned by gitlab-advanced-sast
 - if: '$CI_COMMIT_BRANCH &&
 $GITLAB_FEATURES =~ /\bsast_advanced\b/ &&
 "$[[ inputs.excluded_analyzers ]]" !~ /gitlab-advanced-sast/ &&
@@ -210,7 +210,7 @@ semgrep-sast:
 variables:
 SAST_EXCLUDED_PATHS: "$DEFAULT_SAST_EXCLUDED_PATHS, **/*.py, **/*.go, **/*.java, **/*.js, **/*.jsx, **/*.ts, **/*.tsx, **/*.cjs, **/*.mjs, **/*.cs, **/*.rb, **/*.php"
 exists: !reference [.semgrep-with-advanced-sast-exist-rules, exists]
- # When advanced SAST runs but PHP support is disabled
+ # When gitlab-advanced-sast runs but PHP support is disabled, exclude files already scanned by gitlab-advanced-sast
 - if: '$CI_COMMIT_BRANCH &&
 $GITLAB_FEATURES =~ /\bsast_advanced\b/ &&
 "$[[ inputs.excluded_analyzers ]]" !~ /gitlab-advanced-sast/ &&
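Review bot: Both new comments (the one before the PHP-enabled rule at 201 and the one before the PHP-disabled rule at 210) say the excluded files are "already scanned by gitlab-advanced-sast", which claims more than the visible conditions establish. These rules match when the `sast_advanced` feature is present and the analyzer is not in `excluded_analyzers`; nothing shown confirms that the gitlab-advanced-sast job has run or succeeded. A reader could therefore miss that these extensions get no semgrep coverage even if that job fails or is skipped. I would word the first as `# When gitlab-advanced-sast is enabled with PHP support, exclude **/*.php and the other file types it covers so they are not scanned twice`, and the second the same way without the PHP part. Both `if:` expressions continue past the end of their hunks, so the full condition is not visible here. It would also help to note that the extension list in `SAST_EXCLUDED_PATHS` must stay in sync with `.semgrep-with-advanced-sast-exist-rules`.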