From 446d4146f594e3a4373e66b82bbd55cfc76f4ca6 Mon Sep 17 00:00:00 2001
From: "hyan@gitlab.com" <hyan@gitlab.com>
Date: Thu, 27 Mar 2025 16:51:36 +1100
Subject: [PATCH 1/8] Test GLAS multicore

---
 templates/sast.yml | 14 ++++++++++++++
 1 file changed, 14 insertions(+)

diff --git a/templates/sast.yml b/templates/sast.yml
index 6dad115..b8c33fe 100644
--- a/templates/sast.yml
+++ b/templates/sast.yml
@@ -55,6 +55,20 @@ gitlab-advanced-sast:
   variables:
     SAST_ANALYZER_IMAGE_TAG: 1
     SEARCH_MAX_DEPTH: 20
+    SCAN_METRICS_FILE: scan_metrics.csv
+  cache:
+    key: "$CI_COMMIT_REF_SLUG-scan-metrics"
+    paths:
+      - "$SCAN_METRICS_FILE"
+    policy: pull-push
+  artifacts:
+    access: 'developer'
+    reports:
+      sast: gl-sast-report.json
+    paths:
+      - "$SCAN_METRICS_FILE"
+    when: always
+    expire_in: 7 days
   rules:
     - if: '"$[[ inputs.excluded_analyzers ]]" =~ /gitlab-advanced-sast/'
       when: never

From c6ea9d4f34116c8f2b4f4efc58dd3846ea1d20f1 Mon Sep 17 00:00:00 2001
From: "hyan@gitlab.com" <hyan@gitlab.com>
Date: Fri, 4 Apr 2025 11:29:31 +1100
Subject: [PATCH 2/8] Test GLAS multicore

---
 templates/sast.yml | 9 ---------
 1 file changed, 9 deletions(-)

diff --git a/templates/sast.yml b/templates/sast.yml
index b8c33fe..cafc8f1 100644
--- a/templates/sast.yml
+++ b/templates/sast.yml
@@ -60,15 +60,6 @@ gitlab-advanced-sast:
     key: "$CI_COMMIT_REF_SLUG-scan-metrics"
     paths:
       - "$SCAN_METRICS_FILE"
-    policy: pull-push
-  artifacts:
-    access: 'developer'
-    reports:
-      sast: gl-sast-report.json
-    paths:
-      - "$SCAN_METRICS_FILE"
-    when: always
-    expire_in: 7 days
   rules:
     - if: '"$[[ inputs.excluded_analyzers ]]" =~ /gitlab-advanced-sast/'
       when: never

From 4ea446f709bbe776fef6fdb8d7d8b5b4356bfe48 Mon Sep 17 00:00:00 2001
From: "hyan@gitlab.com" <hyan@gitlab.com>
Date: Tue, 8 Apr 2025 10:57:15 +1000
Subject: [PATCH 3/8] Improve cache

---
 templates/sast.yml | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/templates/sast.yml b/templates/sast.yml
index cafc8f1..0d0145d 100644
--- a/templates/sast.yml
+++ b/templates/sast.yml
@@ -57,7 +57,9 @@ gitlab-advanced-sast:
     SEARCH_MAX_DEPTH: 20
     SCAN_METRICS_FILE: scan_metrics.csv
   cache:
-    key: "$CI_COMMIT_REF_SLUG-scan-metrics"
+    key: "scan-metrics-$CI_COMMIT_REF_SLUG"
+    fallback_keys:
+      - "scan-metrics-$CI_DEFAULT_BRANCH"
     paths:
       - "$SCAN_METRICS_FILE"
   rules:

From 8c5526b0f42c4f5f709c80360b7d3b65e9c9c975 Mon Sep 17 00:00:00 2001
From: Hua Yan <hyan@gitlab.com>
Date: Wed, 23 Apr 2025 13:01:09 +1000
Subject: [PATCH 4/8] Set path as "scan_metrics.csv"

---
 templates/sast.yml | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/templates/sast.yml b/templates/sast.yml
index 0d0145d..d16055d 100644
--- a/templates/sast.yml
+++ b/templates/sast.yml
@@ -55,13 +55,12 @@ gitlab-advanced-sast:
   variables:
     SAST_ANALYZER_IMAGE_TAG: 1
     SEARCH_MAX_DEPTH: 20
-    SCAN_METRICS_FILE: scan_metrics.csv
   cache:
     key: "scan-metrics-$CI_COMMIT_REF_SLUG"
     fallback_keys:
       - "scan-metrics-$CI_DEFAULT_BRANCH"
     paths:
-      - "$SCAN_METRICS_FILE"
+      - "scan_metrics.csv"
   rules:
     - if: '"$[[ inputs.excluded_analyzers ]]" =~ /gitlab-advanced-sast/'
       when: never

From 70e258313531c24ed6edbac44f9adfc5caae9450 Mon Sep 17 00:00:00 2001
From: "hyan@gitlab.com" <hyan@gitlab.com>
Date: Mon, 28 Apr 2025 13:30:50 +1000
Subject: [PATCH 5/8] Bump analyser versions for 18.0

---
 templates/sast.yml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/templates/sast.yml b/templates/sast.yml
index 6dad115..028d190 100644
--- a/templates/sast.yml
+++ b/templates/sast.yml
@@ -5,7 +5,7 @@ spec:
     image_prefix:
       default: "$CI_TEMPLATE_REGISTRY_HOST/security-products"
     image_tag:
-      default: '5'
+      default: '6'
     image_suffix:
       default: ""
     excluded_analyzers:
@@ -53,7 +53,7 @@ gitlab-advanced-sast:
   image:
     name: "$[[ inputs.image_prefix ]]/gitlab-advanced-sast:${SAST_ANALYZER_IMAGE_TAG}$[[ inputs.image_suffix ]]"
   variables:
-    SAST_ANALYZER_IMAGE_TAG: 1
+    SAST_ANALYZER_IMAGE_TAG: 2
     SEARCH_MAX_DEPTH: 20
   rules:
     - if: '"$[[ inputs.excluded_analyzers ]]" =~ /gitlab-advanced-sast/'

From 5ee8b4583a8db1ecefe34f4d966fe740c916bd6b Mon Sep 17 00:00:00 2001
From: Rob Jackson <rjackson@gitlab.com>
Date: Wed, 28 May 2025 07:59:28 -0400
Subject: [PATCH 6/8] incorporating suggestions for markdown links and
 nomenclature.

---
 README.md | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/README.md b/README.md
index 9743638..701de67 100644
--- a/README.md
+++ b/README.md
@@ -1,5 +1,5 @@
 
-This project provides componnets for the use of Static Application Security Testing as well as Infrastructure as Code testing. 
+This project provides components for the use of Static Application Security Testing as well as Infrastructure as Code scanning. 
 
 [[_TOC_]]
 
@@ -7,9 +7,9 @@ This project provides componnets for the use of Static Application Security Test
 
 ### Documentation References
 
-Configuration for SAST can be performed through CI/CD Variables (https://docs.gitlab.com/ee/ci/variables/index.html) or via the definition of Inputs (https://docs.gitlab.com/ci/inputs/). 
+Configuration for SAST can be performed through [CI/CD Variables](https://docs.gitlab.com/ee/ci/variables/index.html) or via the definition of [Inputs](https://docs.gitlab.com/ci/inputs/). 
 
-More information about GitLab SAST is available within GitLab documentation (https://docs.gitlab.com/ee/user/application_security/sast/), along with the available variables (https://docs.gitlab.com/ee/user/application_security/sast/index.html#available-cicd-variables).
+More information about GitLab SAST is available within [GitLab documentation](https://docs.gitlab.com/ee/user/application_security/sast/), along with the [available variables](https://docs.gitlab.com/ee/user/application_security/sast/index.html#available-cicd-variables).
 
 ### Usage
 

From 04681f8725a31abd256d9a9e063f877568f0fe08 Mon Sep 17 00:00:00 2001
From: Rob Jackson <rjackson@gitlab.com>
Date: Wed, 28 May 2025 08:02:21 -0400
Subject: [PATCH 7/8] additional markdown and cleanup

---
 README.md | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/README.md b/README.md
index 701de67..337eb89 100644
--- a/README.md
+++ b/README.md
@@ -57,9 +57,9 @@ This assumes `SAST_DISABLED` variable is already defined in `.gitlab-ci.yml` wit
 
 ### Documentation References
 
-Configuration for IaC scanning can be performed through CI/CD Variables (https://docs.gitlab.com/ee/ci/variables/index.html) or via the definition of Inputs (https://docs.gitlab.com/ci/inputs/). 
+Configuration for IaC scanning can be performed through [CI/CD Variables](https://docs.gitlab.com/ee/ci/variables/index.html) or via the definition of [Inputs](https://docs.gitlab.com/ci/inputs/). 
 
-More information about GitLab Infrastructure as Code scanning is available within GitLab documentation (https://docs.gitlab.com/user/application_security/iac_scanning/). 
+More information about GitLab Infrastructure as Code scanning is available within [GitLab documentation](https://docs.gitlab.com/user/application_security/iac_scanning/). 
 
 ### Usage
 
@@ -68,7 +68,7 @@ keyword.
 
 ```yaml
 include:
-  - component: gitlab.com/components/sast/kics-iac-sast@<VERSION> # To include IaC Scanning
+  - component: gitlab.com/components/sast/iac-sast@<VERSION> # To include IaC Scanning
 ```
 
 where `<VERSION>` is the latest released tag or `main`.
@@ -79,7 +79,7 @@ where `<VERSION>` is the latest released tag or `main`.
 | ----- | ------------- | ----------- | 
 | `stage` | `test`      | The stage where you want the job to be added | 
 | `image_prefix` | `$CI_TEMPLATE_REGISTRY_HOST/security-products` | Define where all Docker image are pulled from | 
-| `image_tag` | `4` | Tag of the Docker image to use | 
+| `image_tag` | `6` | Tag of the Docker image to use | 
 | `image_suffix` | `""` | Suffix added to image. |
 | `excluded_paths` | `"spec, test, tests, tmp"` | Comma separated list of paths to exclude |
 | `search_max_depth` | `4` | Defines how many directory levels the search for programming languages should span |

From 32b811c5ad1e898df31aa949a8fc3994ded5b5ec Mon Sep 17 00:00:00 2001
From: Rob Jackson <rjackson@gitlab.com>
Date: Wed, 28 May 2025 08:31:14 -0400
Subject: [PATCH 8/8] cleanup

---
 README.md | 6 ++----
 1 file changed, 2 insertions(+), 4 deletions(-)

diff --git a/README.md b/README.md
index 337eb89..c6a0302 100644
--- a/README.md
+++ b/README.md
@@ -18,7 +18,7 @@ keyword.
 
 ```yaml
 include:
-  - component: gitlab.com/components/sast/sast@<VERSION> # To include SAST Scanning
+  - component: gitlab.com/components/sast/sast@<VERSION>
 ```
 
 where `<VERSION>` is the latest released tag or `main`.
@@ -68,7 +68,7 @@ keyword.
 
 ```yaml
 include:
-  - component: gitlab.com/components/sast/iac-sast@<VERSION> # To include IaC Scanning
+  - component: gitlab.com/components/sast/iac-sast@<VERSION>
 ```
 
 where `<VERSION>` is the latest released tag or `main`.
@@ -84,8 +84,6 @@ where `<VERSION>` is the latest released tag or `main`.
 | `excluded_paths` | `"spec, test, tests, tmp"` | Comma separated list of paths to exclude |
 | `search_max_depth` | `4` | Defines how many directory levels the search for programming languages should span |
 
-
-
 ## Contribute
 
 Please read about CI/CD components and best practices at: https://docs.gitlab.com/ee/ci/components