# SAST (Static Application Security Testing)

Read more about this feature here: https://docs.gitlab.com/ee/user/application_security/sast/

Configure SAST with CI/CD variables (https://docs.gitlab.com/ee/ci/variables/index.html).
List of available variables: https://docs.gitlab.com/ee/user/application_security/sast/index.html#available-cicd-variables

## Usage

You should add this component to an existing `.gitlab-ci.yml` file by using the `include:`
keyword.

```yaml
include:
  - component: gitlab.com/components/sast/sast@<VERSION>
```

where `<VERSION>` is the latest released tag or `main`.

If you are converting the configuration to use components and want to leverage the existing variable `$SAST_DISABLED` you could conditionally include the component using the variable:

```yaml
include:
  - component: gitlab.com/components/sast/sast@main
    rules:
      - if: $SAST_DISABLED == "true" || $SAST_DISABLED == "1"
        when: never
      - when: always
```

Otherwise all SAST jobs will always run when applicable.

This assumes `SAST_DISABLED` variable is already defined in `.gitlab-ci.yml` with either `'true'` or `'1'` as the value.

## Contribute

Please read about CI/CD components and best practices at: https://docs.gitlab.com/ee/ci/components