diff --git a/README.md b/README.md index 9743638..c6a0302 100644 --- a/README.md +++ b/README.md @@ -1,5 +1,5 @@ -This project provides componnets for the use of Static Application Security Testing as well as Infrastructure as Code testing. +This project provides components for the use of Static Application Security Testing as well as Infrastructure as Code scanning. [[_TOC_]] @@ -7,9 +7,9 @@ This project provides componnets for the use of Static Application Security Test ### Documentation References -Configuration for SAST can be performed through CI/CD Variables (https://docs.gitlab.com/ee/ci/variables/index.html) or via the definition of Inputs (https://docs.gitlab.com/ci/inputs/). +Configuration for SAST can be performed through [CI/CD Variables](https://docs.gitlab.com/ee/ci/variables/index.html) or via the definition of [Inputs](https://docs.gitlab.com/ci/inputs/). -More information about GitLab SAST is available within GitLab documentation (https://docs.gitlab.com/ee/user/application_security/sast/), along with the available variables (https://docs.gitlab.com/ee/user/application_security/sast/index.html#available-cicd-variables). +More information about GitLab SAST is available within [GitLab documentation](https://docs.gitlab.com/ee/user/application_security/sast/), along with the [available variables](https://docs.gitlab.com/ee/user/application_security/sast/index.html#available-cicd-variables). ### Usage @@ -18,7 +18,7 @@ keyword. ```yaml include: - - component: gitlab.com/components/sast/sast@ # To include SAST Scanning + - component: gitlab.com/components/sast/sast@ ``` where `` is the latest released tag or `main`. 
@@ -57,9 +57,9 @@ This assumes `SAST_DISABLED` variable is already defined in `.gitlab-ci.yml` wit ### Documentation References -Configuration for IaC scanning can be performed through CI/CD Variables (https://docs.gitlab.com/ee/ci/variables/index.html) or via the definition of Inputs (https://docs.gitlab.com/ci/inputs/). +Configuration for IaC scanning can be performed through [CI/CD Variables](https://docs.gitlab.com/ee/ci/variables/index.html) or via the definition of [Inputs](https://docs.gitlab.com/ci/inputs/). -More information about GitLab Infrastructure as Code scanning is available within GitLab documentation (https://docs.gitlab.com/user/application_security/iac_scanning/). +More information about GitLab Infrastructure as Code scanning is available within [GitLab documentation](https://docs.gitlab.com/user/application_security/iac_scanning/). ### Usage @@ -68,7 +68,7 @@ keyword. ```yaml include: - - component: gitlab.com/components/sast/kics-iac-sast@ # To include IaC Scanning + - component: gitlab.com/components/sast/iac-sast@ ``` where `` is the latest released tag or `main`. @@ -79,13 +79,11 @@ where `` is the latest released tag or `main`. | ----- | ------------- | ----------- | | `stage` | `test` | The stage where you want the job to be added | | `image_prefix` | `$CI_TEMPLATE_REGISTRY_HOST/security-products` | Define where all Docker image are pulled from | -| `image_tag` | `4` | Tag of the Docker image to use | +| `image_tag` | `6` | Tag of the Docker image to use | | `image_suffix` | `""` | Suffix added to image. | | `excluded_paths` | `"spec, test, tests, tmp"` | Comma separated list of paths to exclude | | `search_max_depth` | `4` | Defines how many directory levels the search for programming languages should span | - - ## Contribute Please read about CI/CD components and best practices at: https://docs.gitlab.com/ee/ci/components diff --git a/templates/sast.yml b/templates/sast.yml index 6dad115..ccb3eec 100644 --- a/templates/sast.yml 
+++ b/templates/sast.yml @@ -5,7 +5,7 @@ spec: image_prefix: default: "$CI_TEMPLATE_REGISTRY_HOST/security-products" image_tag: - default: '5' + default: '6' image_suffix: default: "" excluded_analyzers: @@ -53,8 +53,14 @@ gitlab-advanced-sast: image: name: "$[[ inputs.image_prefix ]]/gitlab-advanced-sast:${SAST_ANALYZER_IMAGE_TAG}$[[ inputs.image_suffix ]]" variables: - SAST_ANALYZER_IMAGE_TAG: 1 + SAST_ANALYZER_IMAGE_TAG: 2 SEARCH_MAX_DEPTH: 20 + cache: + key: "scan-metrics-$CI_COMMIT_REF_SLUG" + fallback_keys: + - "scan-metrics-$CI_DEFAULT_BRANCH" + paths: + - "scan_metrics.csv" rules: - if: '"$[[ inputs.excluded_analyzers ]]" =~ /gitlab-advanced-sast/' when: never
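Review bot: in the README `@@ -68,7 +68,7 @@` hunk the documented include path moves from `gitlab.com/components/sast/kics-iac-sast@` to `gitlab.com/components/sast/iac-sast@`, but no change under `templates/` in this patch adds an `iac-sast.yml` or renames `kics-iac-sast.yml`; confirm the template exists under the new name in this change set, otherwise the documented include will not resolve. Any project already including `kics-iac-sast` breaks as soon as it picks up a tag carrying the rename, so either keep the old template as a deprecated alias for a release or call the rename out explicitly in the changelog.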
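Review bot: in the README `@@ -79,13 +79,11 @@` hunk the `image_tag` row goes from `4` to `6` while `templates/sast.yml` goes from `'5'` to `'6'`, so the table was already a version behind the spec before this change; cross-check every row against the `spec.inputs` defaults in the template so the two stop drifting. The table also has no row for `excluded_analyzers`, which the spec in `templates/sast.yml` defines and which the `gitlab-advanced-sast` rule evaluates, so that input is currently undocumented. If this table describes the IaC component rather than `sast`, the matching IaC template default should be bumped in the same change, since none is shown here.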
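Review bot: in the `templates/sast.yml` `@@ -5,7 +5,7 @@` hunk, changing `default: '5'` to `default: '6'` moves every consumer of this component, including anyone including `sast@main`, onto a new major analyzer image line; a major-version change of the analyzer images should ship under a new component tag with a changelog entry rather than landing on `main` unannounced, and the `image_tag` description in the README should state that changing it selects the analyzer major version and can change which findings are reported.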
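Review bot: in the `templates/sast.yml` `@@ -53,8 +53,14 @@` hunk the new `cache` block on `gitlab-advanced-sast` is undocumented: nothing in the patch says what writes `scan_metrics.csv`, what the analyzer does with it once restored, or whether `SAST_ANALYZER_IMAGE_TAG: 2` depends on it, so add a comment above the block and a README note explaining both. Two caveats belong in that note: the default cache policy is pull-push, so every branch pipeline uploads its own `scan-metrics-$CI_COMMIT_REF_SLUG` entry (consider `policy: pull` outside the default branch if the file is only meant to be seeded from `$CI_DEFAULT_BRANCH`), and GitLab caches are best-effort and can be overwritten by other pipelines in the project that share the key, so the analyzer must treat a restored `scan_metrics.csv` as untrusted input and the scan must still succeed when the file is missing or malformed. Note as well that when the project uses separate caches for protected branches, an unprotected branch pipeline will not see the protected default-branch cache and the `fallback_keys` entry will simply miss. Finally, the unchanged `SEARCH_MAX_DEPTH: 20` hardcodes a value that the README documents as the `search_max_depth` input with default `4`; if the advanced analyzer intentionally ignores that input, say so in the README.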