Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Support
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
G
gitlab-ce
Project overview
Project overview
Details
Activity
Releases
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Issues
0
Issues
0
List
Boards
Labels
Milestones
Merge Requests
1
Merge Requests
1
Analytics
Analytics
Repository
Value Stream
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Create a new issue
Commits
Issue Boards
Open sidebar
nexedi
gitlab-ce
Commits
a9e72d97
Commit
a9e72d97
authored
May 05, 2020
by
Lucas Charles
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
Migrate SAST CI template to rules syntax
Relates to
https://gitlab.com/gitlab-org/gitlab/-/issues/36548
parent
ae05ca54
Changes
3
Hide whitespace changes
Inline
Side-by-side
Showing
3 changed files
with
150 additions
and
101 deletions
+150
-101
changelogs/unreleased/e2300-sast-template.yml
changelogs/unreleased/e2300-sast-template.yml
+5
-0
ee/spec/lib/gitlab/ci/templates/sast_gitlab_ci_yaml_spec.rb
ee/spec/lib/gitlab/ci/templates/sast_gitlab_ci_yaml_spec.rb
+24
-22
lib/gitlab/ci/templates/Security/SAST.gitlab-ci.yml
lib/gitlab/ci/templates/Security/SAST.gitlab-ci.yml
+121
-79
No files found.
changelogs/unreleased/e2300-sast-template.yml
0 → 100644
View file @
a9e72d97
---
title
:
Migrate SAST CI template to rules syntax
merge_request
:
31127
author
:
type
:
changed
ee/spec/lib/gitlab/ci/templates/sast_gitlab_ci_yaml_spec.rb
View file @
a9e72d97
...
@@ -8,7 +8,8 @@ describe 'SAST.gitlab-ci.yml' do
...
@@ -8,7 +8,8 @@ describe 'SAST.gitlab-ci.yml' do
describe
'the created pipeline'
do
describe
'the created pipeline'
do
let
(
:user
)
{
create
(
:admin
)
}
let
(
:user
)
{
create
(
:admin
)
}
let
(
:default_branch
)
{
'master'
}
let
(
:default_branch
)
{
'master'
}
let
(
:project
)
{
create
(
:project
,
:custom_repo
,
files:
{
'README.txt'
=>
''
})
}
let
(
:files
)
{
{
'README.txt'
=>
''
}
}
let
(
:project
)
{
create
(
:project
,
:custom_repo
,
files:
files
)
}
let
(
:service
)
{
Ci
::
CreatePipelineService
.
new
(
project
,
user
,
ref:
'master'
)
}
let
(
:service
)
{
Ci
::
CreatePipelineService
.
new
(
project
,
user
,
ref:
'master'
)
}
let
(
:pipeline
)
{
service
.
execute!
(
:push
)
}
let
(
:pipeline
)
{
service
.
execute!
(
:push
)
}
let
(
:build_names
)
{
pipeline
.
builds
.
pluck
(
:name
)
}
let
(
:build_names
)
{
pipeline
.
builds
.
pluck
(
:name
)
}
...
@@ -48,33 +49,34 @@ describe 'SAST.gitlab-ci.yml' do
...
@@ -48,33 +49,34 @@ describe 'SAST.gitlab-ci.yml' do
end
end
end
end
context
'when SAST_DISABLE_DIND=
1
'
do
context
'when SAST_DISABLE_DIND=
true
'
do
before
do
before
do
create
(
:ci_variable
,
project:
project
,
key:
'SAST_DISABLE_DIND'
,
value:
'
1
'
)
create
(
:ci_variable
,
project:
project
,
key:
'SAST_DISABLE_DIND'
,
value:
'
true
'
)
end
end
describe
'language detection'
do
describe
'language detection'
do
using
RSpec
::
Parameterized
::
TableSyntax
using
RSpec
::
Parameterized
::
TableSyntax
where
(
:case_name
,
:variables
,
:include_build_names
)
do
where
(
:case_name
,
:files
,
:variables
,
:include_build_names
)
do
'No match'
|
{
"CI_PROJECT_REPOSITORY_LANGUAGES"
=>
""
}
|
%w(secrets-sast)
'No match'
|
{
'README.md'
=>
''
}
|
{}
|
%w(secrets-sast)
'Apex'
|
{
"CI_PROJECT_REPOSITORY_LANGUAGES"
=>
"apex"
}
|
%w(pmd-apex-sast secrets-sast)
'Apex'
|
{
'app.cls'
=>
''
}
|
{}
|
%w(pmd-apex-sast secrets-sast)
'C'
|
{
"CI_PROJECT_REPOSITORY_LANGUAGES"
=>
"c"
}
|
%w(flawfinder-sast secrets-sast)
'C'
|
{
'app.c'
=>
''
}
|
{}
|
%w(flawfinder-sast secrets-sast)
'C++'
|
{
"CI_PROJECT_REPOSITORY_LANGUAGES"
=>
"c++"
}
|
%w(flawfinder-sast secrets-sast)
'C++'
|
{
'app.cpp'
=>
''
}
|
{}
|
%w(flawfinder-sast secrets-sast)
'C#'
|
{
"CI_PROJECT_REPOSITORY_LANGUAGES"
=>
"c#"
}
|
%w(security-code-scan-sast secrets-sast)
'C#'
|
{
'app.csproj'
=>
''
}
|
{}
|
%w(security-code-scan-sast secrets-sast)
'Elixir'
|
{
"CI_PROJECT_REPOSITORY_LANGUAGES"
=>
"elixir"
}
|
%w(sobelow-sast secrets-sast)
'Elixir'
|
{
'mix.ex'
=>
''
}
|
{}
|
%w(sobelow-sast secrets-sast)
'Golang'
|
{
"CI_PROJECT_REPOSITORY_LANGUAGES"
=>
"go"
}
|
%w(gosec-sast secrets-sast)
'Golang'
|
{
'main.go'
=>
''
}
|
{}
|
%w(gosec-sast secrets-sast)
'Groovy'
|
{
"CI_PROJECT_REPOSITORY_LANGUAGES"
=>
"groovy"
}
|
%w(spotbugs-sast secrets-sast)
'Groovy'
|
{
'app.groovy'
=>
''
}
|
{}
|
%w(spotbugs-sast secrets-sast)
'Java'
|
{
"CI_PROJECT_REPOSITORY_LANGUAGES"
=>
"java"
}
|
%w(spotbugs-sast secrets-sast)
'Java'
|
{
'app.java'
=>
''
}
|
{}
|
%w(spotbugs-sast secrets-sast)
'Javascript'
|
{
"CI_PROJECT_REPOSITORY_LANGUAGES"
=>
"javascript"
}
|
%w(eslint-sast nodejs-scan-sast secrets-sast)
'Javascript'
|
{
'app.js'
=>
''
}
|
{}
|
%w(eslint-sast nodejs-scan-sast secrets-sast)
'Kubernetes Manifests'
|
{
"SCAN_KUBERNETES_MANIFESTS"
=>
"true"
}
|
%w(kubesec-sast secrets-sast)
'HTML'
|
{
'index.html'
=>
''
}
|
{}
|
%w(eslint-sast secrets-sast)
'Multiple languages'
|
{
"CI_PROJECT_REPOSITORY_LANGUAGES"
=>
"java,javascript"
}
|
%w(eslint-sast nodejs-scan-sast spotbugs-sast secrets-sast)
'Kubernetes Manifests'
|
{
'Chart.yaml'
=>
''
}
|
{
'SCAN_KUBERNETES_MANIFESTS'
=>
'true'
}
|
%w(kubesec-sast secrets-sast)
'PHP'
|
{
"CI_PROJECT_REPOSITORY_LANGUAGES"
=>
"php"
}
|
%w(phpcs-security-audit-sast secrets-sast)
'Multiple languages'
|
{
'app.java'
=>
''
,
'app.js'
=>
''
}
|
{}
|
%w(eslint-sast nodejs-scan-sast spotbugs-sast secrets-sast)
'Python'
|
{
"CI_PROJECT_REPOSITORY_LANGUAGES"
=>
"python"
}
|
%w(bandit-sast secrets-sast)
'PHP'
|
{
'app.php'
=>
''
}
|
{}
|
%w(phpcs-security-audit-sast secrets-sast)
'Ruby'
|
{
"CI_PROJECT_REPOSITORY_LANGUAGES"
=>
"ruby"
}
|
%w(brakeman-sast secrets-sast)
'Python'
|
{
'app.py'
=>
''
}
|
{}
|
%w(bandit-sast secrets-sast)
'Scala'
|
{
"CI_PROJECT_REPOSITORY_LANGUAGES"
=>
"scala"
}
|
%w(spotbugs-sast secrets-sast)
'Ruby'
|
{
'application.rb'
=>
''
}
|
{}
|
%w(brakeman-sast secrets-sast)
'Typescript'
|
{
"CI_PROJECT_REPOSITORY_LANGUAGES"
=>
"typescript"
}
|
%w(tslint-sast secrets-sast)
'Scala'
|
{
'app.scala'
=>
''
}
|
{}
|
%w(spotbugs-sast secrets-sast)
'Visual Basic'
|
{
"CI_PROJECT_REPOSITORY_LANGUAGES"
=>
"visual basic"
}
|
%w(security-code-scan-sast secrets-sast)
'Typescript'
|
{
'app.ts'
=>
''
}
|
{}
|
%w(tslint-sast secrets-sast)
'Visual Basic'
|
{
'app.vbproj'
=>
''
}
|
{}
|
%w(security-code-scan-sast secrets-sast)
end
end
with_them
do
with_them
do
...
...
lib/gitlab/ci/templates/Security/SAST.gitlab-ci.yml
View file @
a9e72d97
...
@@ -17,11 +17,10 @@ sast:
...
@@ -17,11 +17,10 @@ sast:
artifacts
:
artifacts
:
reports
:
reports
:
sast
:
gl-sast-report.json
sast
:
gl-sast-report.json
only
:
rules
:
refs
:
-
if
:
$SAST_DISABLED || $SAST_DISABLE_DIND == 'true'
-
branches
when
:
never
variables
:
-
if
:
$CI_COMMIT_BRANCH && $GITLAB_FEATURES =~ /\bsast\b/
-
$GITLAB_FEATURES =~ /\bsast\b/
image
:
docker:stable
image
:
docker:stable
variables
:
variables
:
SEARCH_MAX_DEPTH
:
4
SEARCH_MAX_DEPTH
:
4
...
@@ -42,18 +41,15 @@ sast:
...
@@ -42,18 +41,15 @@ sast:
--volume "$PWD:/code" \
--volume "$PWD:/code" \
--volume /var/run/docker.sock:/var/run/docker.sock \
--volume /var/run/docker.sock:/var/run/docker.sock \
"registry.gitlab.com/gitlab-org/security-products/sast:$SAST_ANALYZER_IMAGE_TAG" /app/bin/run /code
"registry.gitlab.com/gitlab-org/security-products/sast:$SAST_ANALYZER_IMAGE_TAG" /app/bin/run /code
except
:
variables
:
-
$SAST_DISABLED
-
$SAST_DISABLE_DIND == 'true'
.sast-analyzer
:
.sast-analyzer
:
extends
:
sast
extends
:
sast
services
:
[]
services
:
[]
except
:
rules
:
variables
:
-
if
:
$SAST_DISABLED || $SAST_DISABLE_DIND == 'false'
-
$SAST_DISABLED
when
:
never
-
$SAST_DISABLE_DIND == 'false'
-
if
:
$CI_COMMIT_BRANCH &&
$GITLAB_FEATURES =~ /\bsast\b/
script
:
script
:
-
/analyzer run
-
/analyzer run
...
@@ -61,49 +57,65 @@ bandit-sast:
...
@@ -61,49 +57,65 @@ bandit-sast:
extends
:
.sast-analyzer
extends
:
.sast-analyzer
image
:
image
:
name
:
"
$SAST_ANALYZER_IMAGE_PREFIX/bandit:$SAST_ANALYZER_IMAGE_TAG"
name
:
"
$SAST_ANALYZER_IMAGE_PREFIX/bandit:$SAST_ANALYZER_IMAGE_TAG"
only
:
rules
:
variables
:
-
if
:
$SAST_DISABLED || $SAST_DISABLE_DIND == 'false'
-
$GITLAB_FEATURES =~ /\bsast\b/ &&
when
:
never
$SAST_DEFAULT_ANALYZERS =~ /bandit/&&
-
if
:
$CI_COMMIT_BRANCH &&
$CI_PROJECT_REPOSITORY_LANGUAGES =~ /\bpython\b/
$GITLAB_FEATURES =~ /\bsast\b/ &&
$SAST_DEFAULT_ANALYZERS =~ /bandit/
exists
:
-
'
**/*.py'
brakeman-sast
:
brakeman-sast
:
extends
:
.sast-analyzer
extends
:
.sast-analyzer
image
:
image
:
name
:
"
$SAST_ANALYZER_IMAGE_PREFIX/brakeman:$SAST_ANALYZER_IMAGE_TAG"
name
:
"
$SAST_ANALYZER_IMAGE_PREFIX/brakeman:$SAST_ANALYZER_IMAGE_TAG"
only
:
rules
:
variables
:
-
if
:
$SAST_DISABLED || $SAST_DISABLE_DIND == 'false'
-
$GITLAB_FEATURES =~ /\bsast\b/ &&
when
:
never
$SAST_DEFAULT_ANALYZERS =~ /brakeman/ &&
-
if
:
$CI_COMMIT_BRANCH &&
$CI_PROJECT_REPOSITORY_LANGUAGES =~ /\bruby\b/
$GITLAB_FEATURES =~ /\bsast\b/ &&
$SAST_DEFAULT_ANALYZERS =~ /brakeman/
exists
:
-
'
**/*.rb'
eslint-sast
:
eslint-sast
:
extends
:
.sast-analyzer
extends
:
.sast-analyzer
image
:
image
:
name
:
"
$SAST_ANALYZER_IMAGE_PREFIX/eslint:$SAST_ANALYZER_IMAGE_TAG"
name
:
"
$SAST_ANALYZER_IMAGE_PREFIX/eslint:$SAST_ANALYZER_IMAGE_TAG"
only
:
rules
:
variables
:
-
if
:
$SAST_DISABLED || $SAST_DISABLE_DIND == 'false'
-
$GITLAB_FEATURES =~ /\bsast\b/ &&
when
:
never
$SAST_DEFAULT_ANALYZERS =~ /eslint/ &&
-
if
:
$CI_COMMIT_BRANCH &&
$CI_PROJECT_REPOSITORY_LANGUAGES =~ /\bjavascript\b/
$GITLAB_FEATURES =~ /\bsast\b/ &&
$SAST_DEFAULT_ANALYZERS =~ /eslint/
exists
:
-
'
**/*.html'
-
'
**/*.js'
flawfinder-sast
:
flawfinder-sast
:
extends
:
.sast-analyzer
extends
:
.sast-analyzer
image
:
image
:
name
:
"
$SAST_ANALYZER_IMAGE_PREFIX/flawfinder:$SAST_ANALYZER_IMAGE_TAG"
name
:
"
$SAST_ANALYZER_IMAGE_PREFIX/flawfinder:$SAST_ANALYZER_IMAGE_TAG"
only
:
rules
:
variables
:
-
if
:
$SAST_DISABLED || $SAST_DISABLE_DIND == 'false'
-
$GITLAB_FEATURES =~ /\bsast\b/ &&
when
:
never
$SAST_DEFAULT_ANALYZERS =~ /flawfinder/ &&
-
if
:
$CI_COMMIT_BRANCH &&
$CI_PROJECT_REPOSITORY_LANGUAGES =~ /(c(\+\+)?,)|(c(\+\+)?$)/
$GITLAB_FEATURES =~ /\bsast\b/ &&
$SAST_DEFAULT_ANALYZERS =~ /flawfinder/
exists
:
-
'
**/*.c'
-
'
**/*.cpp'
kubesec-sast
:
kubesec-sast
:
extends
:
.sast-analyzer
extends
:
.sast-analyzer
image
:
image
:
name
:
"
$SAST_ANALYZER_IMAGE_PREFIX/kubesec:$SAST_ANALYZER_IMAGE_TAG"
name
:
"
$SAST_ANALYZER_IMAGE_PREFIX/kubesec:$SAST_ANALYZER_IMAGE_TAG"
only
:
rules
:
variables
:
-
if
:
$SAST_DISABLED || $SAST_DISABLE_DIND == 'false'
-
$GITLAB_FEATURES =~ /\bsast\b/ &&
when
:
never
-
if
:
$CI_COMMIT_BRANCH &&
$GITLAB_FEATURES =~ /\bsast\b/ &&
$SAST_DEFAULT_ANALYZERS =~ /kubesec/ &&
$SAST_DEFAULT_ANALYZERS =~ /kubesec/ &&
$SCAN_KUBERNETES_MANIFESTS == 'true'
$SCAN_KUBERNETES_MANIFESTS == 'true'
...
@@ -111,87 +123,117 @@ gosec-sast:
...
@@ -111,87 +123,117 @@ gosec-sast:
extends
:
.sast-analyzer
extends
:
.sast-analyzer
image
:
image
:
name
:
"
$SAST_ANALYZER_IMAGE_PREFIX/gosec:$SAST_ANALYZER_IMAGE_TAG"
name
:
"
$SAST_ANALYZER_IMAGE_PREFIX/gosec:$SAST_ANALYZER_IMAGE_TAG"
only
:
rules
:
variables
:
-
if
:
$SAST_DISABLED || $SAST_DISABLE_DIND == 'false'
-
$GITLAB_FEATURES =~ /\bsast\b/ &&
when
:
never
$SAST_DEFAULT_ANALYZERS =~ /gosec/ &&
-
if
:
$CI_COMMIT_BRANCH &&
$CI_PROJECT_REPOSITORY_LANGUAGES =~ /\bgo\b/
$GITLAB_FEATURES =~ /\bsast\b/ &&
$SAST_DEFAULT_ANALYZERS =~ /gosec/
exists
:
-
'
**/*.go'
nodejs-scan-sast
:
nodejs-scan-sast
:
extends
:
.sast-analyzer
extends
:
.sast-analyzer
image
:
image
:
name
:
"
$SAST_ANALYZER_IMAGE_PREFIX/nodejs-scan:$SAST_ANALYZER_IMAGE_TAG"
name
:
"
$SAST_ANALYZER_IMAGE_PREFIX/nodejs-scan:$SAST_ANALYZER_IMAGE_TAG"
only
:
rules
:
variables
:
-
if
:
$SAST_DISABLED || $SAST_DISABLE_DIND == 'false'
-
$GITLAB_FEATURES =~ /\bsast\b/ &&
when
:
never
$SAST_DEFAULT_ANALYZERS =~ /nodejs-scan/ &&
-
if
:
$CI_COMMIT_BRANCH &&
$CI_PROJECT_REPOSITORY_LANGUAGES =~ /\bjavascript\b/
$GITLAB_FEATURES =~ /\bsast\b/ &&
$SAST_DEFAULT_ANALYZERS =~ /nodejs-scan/
exists
:
-
'
**/*.js'
phpcs-security-audit-sast
:
phpcs-security-audit-sast
:
extends
:
.sast-analyzer
extends
:
.sast-analyzer
image
:
image
:
name
:
"
$SAST_ANALYZER_IMAGE_PREFIX/phpcs-security-audit:$SAST_ANALYZER_IMAGE_TAG"
name
:
"
$SAST_ANALYZER_IMAGE_PREFIX/phpcs-security-audit:$SAST_ANALYZER_IMAGE_TAG"
only
:
rules
:
variables
:
-
if
:
$SAST_DISABLED || $SAST_DISABLE_DIND == 'false'
-
$GITLAB_FEATURES =~ /\bsast\b/ &&
when
:
never
$SAST_DEFAULT_ANALYZERS =~ /phpcs-security-audit/ &&
-
if
:
$CI_COMMIT_BRANCH &&
$CI_PROJECT_REPOSITORY_LANGUAGES =~ /\bphp\b/
$GITLAB_FEATURES =~ /\bsast\b/ &&
$SAST_DEFAULT_ANALYZERS =~ /phpcs-security-audit/
exists
:
-
'
**/*.php'
pmd-apex-sast
:
pmd-apex-sast
:
extends
:
.sast-analyzer
extends
:
.sast-analyzer
image
:
image
:
name
:
"
$SAST_ANALYZER_IMAGE_PREFIX/pmd-apex:$SAST_ANALYZER_IMAGE_TAG"
name
:
"
$SAST_ANALYZER_IMAGE_PREFIX/pmd-apex:$SAST_ANALYZER_IMAGE_TAG"
only
:
rules
:
variables
:
-
if
:
$SAST_DISABLED || $SAST_DISABLE_DIND == 'false'
-
$GITLAB_FEATURES =~ /\bsast\b/ &&
when
:
never
$SAST_DEFAULT_ANALYZERS =~ /pmd-apex/ &&
-
if
:
$CI_COMMIT_BRANCH &&
$CI_PROJECT_REPOSITORY_LANGUAGES =~ /\bapex\b/
$GITLAB_FEATURES =~ /\bsast\b/ &&
$SAST_DEFAULT_ANALYZERS =~ /pmd-apex/
exists
:
-
'
**/*.cls'
secrets-sast
:
secrets-sast
:
extends
:
.sast-analyzer
extends
:
.sast-analyzer
image
:
image
:
name
:
"
$SAST_ANALYZER_IMAGE_PREFIX/secrets:$SAST_ANALYZER_IMAGE_TAG"
name
:
"
$SAST_ANALYZER_IMAGE_PREFIX/secrets:$SAST_ANALYZER_IMAGE_TAG"
only
:
rules
:
variables
:
-
if
:
$SAST_DISABLED || $SAST_DISABLE_DIND == 'false'
-
$GITLAB_FEATURES =~ /\bsast\b/ &&
when
:
never
-
if
:
$CI_COMMIT_BRANCH &&
$GITLAB_FEATURES =~ /\bsast\b/ &&
$SAST_DEFAULT_ANALYZERS =~ /secrets/
$SAST_DEFAULT_ANALYZERS =~ /secrets/
security-code-scan-sast
:
security-code-scan-sast
:
extends
:
.sast-analyzer
extends
:
.sast-analyzer
image
:
image
:
name
:
"
$SAST_ANALYZER_IMAGE_PREFIX/security-code-scan:$SAST_ANALYZER_IMAGE_TAG"
name
:
"
$SAST_ANALYZER_IMAGE_PREFIX/security-code-scan:$SAST_ANALYZER_IMAGE_TAG"
only
:
rules
:
variables
:
-
if
:
$SAST_DISABLED || $SAST_DISABLE_DIND == 'false'
-
$GITLAB_FEATURES =~ /\bsast\b/ &&
when
:
never
$SAST_DEFAULT_ANALYZERS =~ /security-code-scan/ &&
-
if
:
$CI_COMMIT_BRANCH &&
$CI_PROJECT_REPOSITORY_LANGUAGES =~ /\b(c\#|visual basic\b)/
$GITLAB_FEATURES =~ /\bsast\b/ &&
$SAST_DEFAULT_ANALYZERS =~ /security-code-scan/
exists
:
-
'
**/*.csproj'
-
'
**/*.vbproj'
sobelow-sast
:
sobelow-sast
:
extends
:
.sast-analyzer
extends
:
.sast-analyzer
image
:
image
:
name
:
"
$SAST_ANALYZER_IMAGE_PREFIX/sobelow:$SAST_ANALYZER_IMAGE_TAG"
name
:
"
$SAST_ANALYZER_IMAGE_PREFIX/sobelow:$SAST_ANALYZER_IMAGE_TAG"
only
:
rules
:
variables
:
-
if
:
$SAST_DISABLED || $SAST_DISABLE_DIND == 'false'
-
$GITLAB_FEATURES =~ /\bsast\b/ &&
when
:
never
$SAST_DEFAULT_ANALYZERS =~ /sobelow/ &&
-
if
:
$CI_COMMIT_BRANCH &&
$CI_PROJECT_REPOSITORY_LANGUAGES =~ /\belixir\b/
$GITLAB_FEATURES =~ /\bsast\b/ &&
$SAST_DEFAULT_ANALYZERS =~ /sobelow/
exists
:
-
'
**/*.ex'
-
'
**/*.exs'
spotbugs-sast
:
spotbugs-sast
:
extends
:
.sast-analyzer
extends
:
.sast-analyzer
image
:
image
:
name
:
"
$SAST_ANALYZER_IMAGE_PREFIX/spotbugs:$SAST_ANALYZER_IMAGE_TAG"
name
:
"
$SAST_ANALYZER_IMAGE_PREFIX/spotbugs:$SAST_ANALYZER_IMAGE_TAG"
only
:
rules
:
variables
:
-
if
:
$SAST_DISABLED || $SAST_DISABLE_DIND == 'false'
-
$GITLAB_FEATURES =~ /\bsast\b/ &&
when
:
never
$SAST_DEFAULT_ANALYZERS =~ /spotbugs/ &&
-
if
:
$CI_COMMIT_BRANCH &&
$CI_PROJECT_REPOSITORY_LANGUAGES =~ /\b(groovy|java|scala)\b/
$GITLAB_FEATURES =~ /\bsast\b/ &&
$SAST_DEFAULT_ANALYZERS =~ /spotbugs/
exists
:
-
'
**/*.groovy'
-
'
**/*.java'
-
'
**/*.scala'
tslint-sast
:
tslint-sast
:
extends
:
.sast-analyzer
extends
:
.sast-analyzer
image
:
image
:
name
:
"
$SAST_ANALYZER_IMAGE_PREFIX/tslint:$SAST_ANALYZER_IMAGE_TAG"
name
:
"
$SAST_ANALYZER_IMAGE_PREFIX/tslint:$SAST_ANALYZER_IMAGE_TAG"
only
:
rules
:
variables
:
-
if
:
$SAST_DISABLED || $SAST_DISABLE_DIND == 'false'
-
$GITLAB_FEATURES =~ /\bsast\b/ &&
when
:
never
$SAST_DEFAULT_ANALYZERS =~ /tslint/ &&
-
if
:
$CI_COMMIT_BRANCH &&
$CI_PROJECT_REPOSITORY_LANGUAGES =~ /\btypescript\b/
$GITLAB_FEATURES =~ /\bsast\b/ &&
$SAST_DEFAULT_ANALYZERS =~ /tslint/
exists
:
-
'
**/*.ts'
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment
