Commit 1018e48f authored by Russell Dickenson's avatar Russell Dickenson Committed by Nick Gaskill

Improved SAST docs per feedback

parent 5cd0e567
...@@ -145,10 +145,10 @@ CAUTION: **Deprecation:** ...@@ -145,10 +145,10 @@ CAUTION: **Deprecation:**
Beginning in GitLab 13.0, the use of [`only` and `except`](../../../ci/yaml/README.md#onlyexcept-basic) Beginning in GitLab 13.0, the use of [`only` and `except`](../../../ci/yaml/README.md#onlyexcept-basic)
is no longer supported. When overriding the template, you must use [`rules`](../../../ci/yaml/README.md#rules) instead. is no longer supported. When overriding the template, you must use [`rules`](../../../ci/yaml/README.md#rules) instead.
If you want to override a job definition (for example, change properties like To override a job definition, (for example, change properties like `variables` or `dependencies`),
`variables` or `dependencies`), you need to declare a job with the same name as the SAST job to override, after the declare a job with the same name as the SAST job to override. Place this new job after the template
template inclusion and specify any additional keys under it. inclusion and specify any additional keys under it. For example, this enables `FAIL_NEVER` for the
For example, this enables `FAIL_NEVER` for the `spotbugs` analyzer: `spotbugs` analyzer:
```yaml ```yaml
include: include:
...@@ -176,19 +176,22 @@ Read more on [how to use private Maven repositories](../index.md#using-private-m ...@@ -176,19 +176,22 @@ Read more on [how to use private Maven repositories](../index.md#using-private-m
### Enabling Docker-in-Docker ### Enabling Docker-in-Docker
If needed, you can restore the behavior of SAST prior to %13.0 by enabling back Docker-in-Docker. If needed, you can enable Docker-in-Docker to restore the SAST behavior that existed prior to GitLab
You need GitLab Runner with the [`docker`](https://docs.gitlab.com/runner/executors/docker.html#use-docker-in-docker-with-privileged-mode), and the variable `SAST_DISABLE_DIND` set to `false`: 13.0. Follow these steps to do so:
```yaml 1. Configure GitLab Runner with Docker-inDocker in [privileged mode](https://docs.gitlab.com/runner/executors/docker.html#use-docker-in-docker-with-privileged-mode).
include: 1. Set the variable `SAST_DISABLE_DIND` set to `false`:
- template: SAST.gitlab-ci.yml
variables: ```yaml
SAST_DISABLE_DIND: "false" include:
``` - template: SAST.gitlab-ci.yml
variables:
SAST_DISABLE_DIND: "false"
```
This will create a single `sast` job in your CI/CD pipeline This creates a single `sast` job in your CI/CD pipeline instead of multiple `<analyzer-name>-sast`
instead of multiple `<analyzer-name>-sast` jobs. jobs.
#### Enabling Kubesec analyzer #### Enabling Kubesec analyzer
...@@ -545,7 +548,7 @@ security reports without requiring internet access. ...@@ -545,7 +548,7 @@ security reports without requiring internet access.
### Error response from daemon: error processing tar file: docker-tar: relocation error ### Error response from daemon: error processing tar file: docker-tar: relocation error
This error occurs when the Docker version used to run the SAST job is `19.03.0`. This error occurs when the Docker version that runs the SAST job is `19.03.0`.
Consider updating to Docker `19.03.1` or greater. Older versions are not Consider updating to Docker `19.03.1` or greater. Older versions are not
affected. Read more in affected. Read more in
[this issue](https://gitlab.com/gitlab-org/gitlab/issues/13830#note_211354992 "Current SAST container fails"). [this issue](https://gitlab.com/gitlab-org/gitlab/issues/13830#note_211354992 "Current SAST container fails").
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment