mirror of
https://gitlab.com/components/sast.git
synced 2025-06-30 07:28:29 +02:00
Static Application Security Testing (SAST) checks your source code for known vulnerabilities.
| README.md | ||
| template.yml | ||
SAST (Static Application Security Testing)
Read more about this feature here: https://docs.gitlab.com/ee/user/application_security/sast/
Configure SAST with CI/CD variables (https://docs.gitlab.com/ee/ci/variables/index.html). List of available variables: https://docs.gitlab.com/ee/user/application_security/sast/index.html#available-cicd-variables
Usage
You should add this component to an existing .gitlab-ci.yml file by using the include:
keyword.
include:
- component: gitlab.com/gitlab-components/sast@<VERSION>
where <VERSION> is the latest released tag or main.
Inputs
| Input | Default value | Description |
|---|---|---|
stage |
test |
The stage where you want the job to be added |
image_prefix |
$CI_TEMPLATE_REGISTRY_HOST/security-products |
Define where all Docker image are pulled from |
image_tag |
3 |
Tag of the Docker image to use |
image_suffix |
"" |
Used by semgrep-sast job only |
excluded_analyzers |
"" |
Comma separated list of analyzers that should not run |
excluded_paths |
"spec, test, tests, tmp" |
Comma separated list of paths to exclude |
search_max_depth |
4 |
Defines how many directory levels the search for programming languages should span |
run_kubesec_sast |
"false" |
Set it to "true" to run kubesec-sast job |
Variables
| Variable | Default value | Description |
|---|---|---|
SAST_DISABLED |
not set | Set to true to avoid running any SAST jobs |
ToDos
- Move the use of
SAST_DISABLEDto theinclude:
include:
- component: gitlab.com/gitlab-components/sast@main
inputs: { ... }
rules:
- if: $SAST_DISABLED != "true"