mirror of
https://gitlab.com/components/sast.git
synced 2025-06-30 07:28:29 +02:00
38 lines
1 KiB
YAML
38 lines
1 KiB
YAML
# Component created based on GitLab's IAC SAST Scanning template
|
|
# Read more about this feature here: https://docs.gitlab.com/ee/user/application_security/iac_scanning/
|
|
|
|
spec:
|
|
inputs:
|
|
stage:
|
|
default: test
|
|
excluded_paths:
|
|
default: "spec, test, tests, tmp"
|
|
excluded_analyzers:
|
|
default: ""
|
|
image_prefix:
|
|
default: "$CI_TEMPLATE_REGISTRY_HOST/security-products"
|
|
image_suffix:
|
|
default: ""
|
|
search_max_depth:
|
|
default: 4
|
|
image_tag:
|
|
default: 6
|
|
|
|
---
|
|
kics-iac-sast:
|
|
stage: $[[ inputs.stage ]]
|
|
image:
|
|
name: "$[[ inputs.image_prefix ]]/kics:$[[ inputs.image_tag ]]$[[ inputs.image_suffix ]]"
|
|
variables:
|
|
SEARCH_MAX_DEPTH: $[[ inputs.search_max_depth ]]
|
|
script:
|
|
- /analyzer run
|
|
artifacts:
|
|
access: 'developer'
|
|
reports:
|
|
sast: gl-sast-report.json
|
|
allow_failure: true
|
|
rules:
|
|
- if: $[[ inputs.excluded_analyzers ]] =~ /kics/
|
|
when: never
|
|
- if: $CI_COMMIT_BRANCH
|