vor/sast
1
0
Fork 0
mirror of https://gitlab.com/components/sast.git synced 2025-06-30 15:38:29 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions
Static Application Security Testing (SAST) checks your source code for known vulnerabilities.
83 commits 5 branches 11 tags 205 KiB
Find a file
Philip Cunningham 13113d88c2 Merge branch 'philipcunningham-make-php-support-available-in-glas-523657' into 'main' 
Add PHP language support to gitlab-advanced-sast

See merge request components/sast!21
2025-05-27 13:43:21 +01:00
src/ruby_gem Add .gitlab-ci.yml and test Ruby app 2023-05-03 17:02:09 +01:00
templates Enable GLAS PHP Support FF by default 2025-05-23 14:54:04 +01:00
.gitlab-ci.yml Run a couple of jobs only on Gitlab.com 2024-06-25 18:22:33 +02:00
LICENSE Add LICENSE 2025-01-27 10:26:44 +01:00
logo.png Update file logo.png 2023-12-12 15:08:09 +00:00
README.md fix formatting 2025-05-27 14:43:15 +02:00

README.md

SAST (Static Application Security Testing)

Read more about this feature here: https://docs.gitlab.com/ee/user/application_security/sast/

Configure SAST with CI/CD variables (https://docs.gitlab.com/ee/ci/variables/index.html). List of available variables: https://docs.gitlab.com/ee/user/application_security/sast/index.html#available-cicd-variables

Usage

You should add this component to an existing .gitlab-ci.yml file by using the include: keyword.

include:
  - component: gitlab.com/components/sast/sast@<VERSION>

where <VERSION> is the latest released tag or main.

If you are converting the configuration to use components and want to leverage the existing variable $SAST_DISABLED you could conditionally include the component using the variable:

include:
  - component: gitlab.com/components/sast/sast@main
    rules:
      - if: $SAST_DISABLED == "true" || $SAST_DISABLED == "1"
        when: never
      - when: always

Otherwise all SAST jobs will always run when applicable.

This assumes SAST_DISABLED variable is already defined in .gitlab-ci.yml with either 'true' or '1' as the value.

Inputs

Input Default value Description
stage test The stage where you want the job to be added
image_prefix $CI_TEMPLATE_REGISTRY_HOST/security-products Define where all Docker image are pulled from
image_tag 4 Tag of the Docker image to use
image_suffix "" Suffix added to image. If set to -fips, FIPS-enabled images are used for scan. Only used by semgrep analyzer
excluded_analyzers "" Comma separated list of analyzers that should not run
excluded_paths "spec, test, tests, tmp" Comma separated list of paths to exclude
search_max_depth 4 Defines how many directory levels the search for programming languages should span
run_kubesec_sast "false" Set it to "true" to run kubesec-sast job
run_advanced_sast false Set it to true to enable GitLab Advanced SAST
include_experimental "false" Set it to "true" to enable experimental analyzers
ff_glas_enable_php_support "true" Set it to "false" to disable PHP support for GLAS

Contribute

Please read about CI/CD components and best practices at: https://docs.gitlab.com/ee/ci/components