Skip to content

G
gitlab-ce
Commit 5bfb234e authored by Lucas Charles's avatar Lucas Charles
Browse files
Options

Refine SAST analyzer language detection by frameworks 

Certain SAST scanners rely on frameworks, not just languages
so we should aim for properly detecting those when possible
parent 77612ded
Show whitespace changes
Inline Side-by-side
Showing with 13 additions and 8 deletions
changelogs/unreleased/218414-refine-sast-analyzer-language-detection.yml 0 → 100644
View file @ 5bfb234e
---
title: Refine SAST language detection by frameworks
merge_request: 33226
author:
type: changed
ee/spec/lib/gitlab/ci/templates/sast_gitlab_ci_yaml_spec.rb
View file @ 5bfb234e
......@@ -63,17 +63,18 @@ describe 'SAST.gitlab-ci.yml' do
'C' | { 'app.c' => '' } | {} | %w(flawfinder-sast secrets-sast)
'C++' | { 'app.cpp' => '' } | {} | %w(flawfinder-sast secrets-sast)
'C#' | { 'app.csproj' => '' } | {} | %w(security-code-scan-sast secrets-sast)
'Elixir' | { 'mix.ex' => '' } | {} | %w(sobelow-sast secrets-sast)
'Elixir' | { 'mix.exs' => '' } | {} | %w(sobelow-sast secrets-sast)
'Golang' | { 'main.go' => '' } | {} | %w(gosec-sast secrets-sast)
'Groovy' | { 'app.groovy' => '' } | {} | %w(spotbugs-sast secrets-sast)
'Java' | { 'app.java' => '' } | {} | %w(spotbugs-sast secrets-sast)
'Javascript' | { 'app.js' => '' } | {} | %w(eslint-sast nodejs-scan-sast secrets-sast)
'Javascript' | { 'app.js' => '' } | {} | %w(eslint-sast secrets-sast)
'Javascript Node' | { 'package.json' => '' } | {} | %w(nodejs-scan-sast secrets-sast)
'HTML' | { 'index.html' => '' } | {} | %w(eslint-sast secrets-sast)
'Kubernetes Manifests' | { 'Chart.yaml' => '' } | { 'SCAN_KUBERNETES_MANIFESTS' => 'true' } | %w(kubesec-sast secrets-sast)
'Multiple languages' | { 'app.java' => '', 'app.js' => '' } | {} | %w(eslint-sast nodejs-scan-sast spotbugs-sast secrets-sast)
'Multiple languages' | { 'app.java' => '', 'app.js' => '' } | {} | %w(eslint-sast spotbugs-sast secrets-sast)
'PHP' | { 'app.php' => '' } | {} | %w(phpcs-security-audit-sast secrets-sast)
'Python' | { 'app.py' => '' } | {} | %w(bandit-sast secrets-sast)
'Ruby' | { 'application.rb' => '' } | {} | %w(brakeman-sast secrets-sast)
'Ruby' | { 'config/routes.rb' => '' } | {} | %w(brakeman-sast secrets-sast)
'Scala' | { 'app.scala' => '' } | {} | %w(spotbugs-sast secrets-sast)
'Typescript' | { 'app.ts' => '' } | {} | %w(tslint-sast secrets-sast)
'Visual Basic' | { 'app.vbproj' => '' } | {} | %w(security-code-scan-sast secrets-sast)
......
lib/gitlab/ci/templates/Security/SAST.gitlab-ci.yml
View file @ 5bfb234e
......@@ -83,7 +83,7 @@ brakeman-sast:
$GITLAB_FEATURES =~ /\bsast\b/ &&
$SAST_DEFAULT_ANALYZERS =~ /brakeman/
exists:
- '**/*.rb'
- 'config/routes.rb'
eslint-sast:
extends: .sast-analyzer
......@@ -149,7 +149,7 @@ nodejs-scan-sast:
$GITLAB_FEATURES =~ /\bsast\b/ &&
$SAST_DEFAULT_ANALYZERS =~ /nodejs-scan/
exists:
- '**/*.js'
- 'package.json'
phpcs-security-audit-sast:
extends: .sast-analyzer
......@@ -213,8 +213,7 @@ sobelow-sast:
$GITLAB_FEATURES =~ /\bsast\b/ &&
$SAST_DEFAULT_ANALYZERS =~ /sobelow/
exists:
- '**/*.ex'
- '**/*.exs'
- 'mix.exs'
spotbugs-sast:
extends: .sast-analyzer
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment
GitLab Nexedi Edition | About GitLab | About Nexedi | 沪ICP备2021021310号-2 | 沪ICP备2021021310号-7