Commit 5bfb234e authored by Lucas Charles's avatar Lucas Charles

Refine SAST analyzer language detection by frameworks

Certain SAST scanners rely on frameworks, not just languages
so we should aim for properly detecting those when possible
parent 77612ded
---
title: Refine SAST language detection by frameworks
merge_request: 33226
author:
type: changed
......@@ -63,17 +63,18 @@ describe 'SAST.gitlab-ci.yml' do
'C' | { 'app.c' => '' } | {} | %w(flawfinder-sast secrets-sast)
'C++' | { 'app.cpp' => '' } | {} | %w(flawfinder-sast secrets-sast)
'C#' | { 'app.csproj' => '' } | {} | %w(security-code-scan-sast secrets-sast)
'Elixir' | { 'mix.ex' => '' } | {} | %w(sobelow-sast secrets-sast)
'Elixir' | { 'mix.exs' => '' } | {} | %w(sobelow-sast secrets-sast)
'Golang' | { 'main.go' => '' } | {} | %w(gosec-sast secrets-sast)
'Groovy' | { 'app.groovy' => '' } | {} | %w(spotbugs-sast secrets-sast)
'Java' | { 'app.java' => '' } | {} | %w(spotbugs-sast secrets-sast)
'Javascript' | { 'app.js' => '' } | {} | %w(eslint-sast nodejs-scan-sast secrets-sast)
'Javascript' | { 'app.js' => '' } | {} | %w(eslint-sast secrets-sast)
'Javascript Node' | { 'package.json' => '' } | {} | %w(nodejs-scan-sast secrets-sast)
'HTML' | { 'index.html' => '' } | {} | %w(eslint-sast secrets-sast)
'Kubernetes Manifests' | { 'Chart.yaml' => '' } | { 'SCAN_KUBERNETES_MANIFESTS' => 'true' } | %w(kubesec-sast secrets-sast)
'Multiple languages' | { 'app.java' => '', 'app.js' => '' } | {} | %w(eslint-sast nodejs-scan-sast spotbugs-sast secrets-sast)
'Multiple languages' | { 'app.java' => '', 'app.js' => '' } | {} | %w(eslint-sast spotbugs-sast secrets-sast)
'PHP' | { 'app.php' => '' } | {} | %w(phpcs-security-audit-sast secrets-sast)
'Python' | { 'app.py' => '' } | {} | %w(bandit-sast secrets-sast)
'Ruby' | { 'application.rb' => '' } | {} | %w(brakeman-sast secrets-sast)
'Ruby' | { 'config/routes.rb' => '' } | {} | %w(brakeman-sast secrets-sast)
'Scala' | { 'app.scala' => '' } | {} | %w(spotbugs-sast secrets-sast)
'Typescript' | { 'app.ts' => '' } | {} | %w(tslint-sast secrets-sast)
'Visual Basic' | { 'app.vbproj' => '' } | {} | %w(security-code-scan-sast secrets-sast)
......
......@@ -83,7 +83,7 @@ brakeman-sast:
$GITLAB_FEATURES =~ /\bsast\b/ &&
$SAST_DEFAULT_ANALYZERS =~ /brakeman/
exists:
- '**/*.rb'
- 'config/routes.rb'
eslint-sast:
extends: .sast-analyzer
......@@ -149,7 +149,7 @@ nodejs-scan-sast:
$GITLAB_FEATURES =~ /\bsast\b/ &&
$SAST_DEFAULT_ANALYZERS =~ /nodejs-scan/
exists:
- '**/*.js'
- 'package.json'
phpcs-security-audit-sast:
extends: .sast-analyzer
......@@ -213,8 +213,7 @@ sobelow-sast:
$GITLAB_FEATURES =~ /\bsast\b/ &&
$SAST_DEFAULT_ANALYZERS =~ /sobelow/
exists:
- '**/*.ex'
- '**/*.exs'
- 'mix.exs'
spotbugs-sast:
extends: .sast-analyzer
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment