Commit bb73ad65 authored by Heinrich Lee Yu

Merge branch '218414-refine-sast-analyzer-language-detection' into 'master'

Refine SAST analyzer detection beyond base language

See merge request gitlab-org/gitlab!33226
parents 588bb2c3 5bfb234e
---
title: Refine SAST language detection by frameworks
merge_request: 33226
author:
type: changed
......@@ -63,17 +63,18 @@ describe 'SAST.gitlab-ci.yml' do
'C' | { 'app.c' => '' } | {} | %w(flawfinder-sast secrets-sast)
'C++' | { 'app.cpp' => '' } | {} | %w(flawfinder-sast secrets-sast)
'C#' | { 'app.csproj' => '' } | {} | %w(security-code-scan-sast secrets-sast)
'Elixir' | { 'mix.ex' => '' } | {} | %w(sobelow-sast secrets-sast)
'Elixir' | { 'mix.exs' => '' } | {} | %w(sobelow-sast secrets-sast)
'Golang' | { 'main.go' => '' } | {} | %w(gosec-sast secrets-sast)
'Groovy' | { 'app.groovy' => '' } | {} | %w(spotbugs-sast secrets-sast)
'Java' | { 'app.java' => '' } | {} | %w(spotbugs-sast secrets-sast)
'Javascript' | { 'app.js' => '' } | {} | %w(eslint-sast nodejs-scan-sast secrets-sast)
'Javascript' | { 'app.js' => '' } | {} | %w(eslint-sast secrets-sast)
'Javascript Node' | { 'package.json' => '' } | {} | %w(nodejs-scan-sast secrets-sast)
'HTML' | { 'index.html' => '' } | {} | %w(eslint-sast secrets-sast)
'Kubernetes Manifests' | { 'Chart.yaml' => '' } | { 'SCAN_KUBERNETES_MANIFESTS' => 'true' } | %w(kubesec-sast secrets-sast)
'Multiple languages' | { 'app.java' => '', 'app.js' => '' } | {} | %w(eslint-sast nodejs-scan-sast spotbugs-sast secrets-sast)
'Multiple languages' | { 'app.java' => '', 'app.js' => '' } | {} | %w(eslint-sast spotbugs-sast secrets-sast)
'PHP' | { 'app.php' => '' } | {} | %w(phpcs-security-audit-sast secrets-sast)
'Python' | { 'app.py' => '' } | {} | %w(bandit-sast secrets-sast)
'Ruby' | { 'application.rb' => '' } | {} | %w(brakeman-sast secrets-sast)
'Ruby' | { 'config/routes.rb' => '' } | {} | %w(brakeman-sast secrets-sast)
'Scala' | { 'app.scala' => '' } | {} | %w(spotbugs-sast secrets-sast)
'Typescript' | { 'app.ts' => '' } | {} | %w(tslint-sast secrets-sast)
'Visual Basic' | { 'app.vbproj' => '' } | {} | %w(security-code-scan-sast secrets-sast)
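Review bot: Every row in this table places the trigger file at the repository root, so nothing pins what happens when `package.json`, `mix.exs` or `config/routes.rb` sits in a subdirectory, or when a project has Ruby sources but no `config/routes.rb`. Those are the cases where the narrower detection can drop an analyzer, and a regression in either direction would go unnoticed. Add rows for them with the job list you intend, for example `'Javascript Node nested' | { 'frontend/package.json' => '' } | {} | %w(secrets-sast)` (a constructed example; adjust the expected jobs to the intended behaviour). The `describe` block starts and ends outside the hunk.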
......
......@@ -83,7 +83,7 @@ brakeman-sast:
$GITLAB_FEATURES =~ /\bsast\b/ &&
$SAST_DEFAULT_ANALYZERS =~ /brakeman/
exists:
- '**/*.rb'
- 'config/routes.rb'
eslint-sast:
extends: .sast-analyzer
......@@ -149,7 +149,7 @@ nodejs-scan-sast:
$GITLAB_FEATURES =~ /\bsast\b/ &&
$SAST_DEFAULT_ANALYZERS =~ /nodejs-scan/
exists:
- '**/*.js'
- 'package.json'
phpcs-security-audit-sast:
extends: .sast-analyzer
......@@ -213,8 +213,7 @@ sobelow-sast:
$GITLAB_FEATURES =~ /\bsast\b/ &&
$SAST_DEFAULT_ANALYZERS =~ /sobelow/
exists:
- '**/*.ex'
- '**/*.exs'
- 'mix.exs'
spotbugs-sast:
extends: .sast-analyzer
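Review bot: The new `exists` entries `config/routes.rb`, `package.json` and `mix.exs` carry no `**/` prefix, so as far as the visible rules show they match only at the repository root. A project that keeps its Rails, Node.js or Elixir application in a subdirectory (a monorepo, or `backend/` next to `frontend/`) would then get no brakeman-sast, nodejs-scan-sast or sobelow-sast job while the pipeline still passes, so the loss of scan coverage is silent. If root-only detection is not the intent, use `- '**/config/routes.rb'`, `- '**/package.json'` and `- '**/mix.exs'`; if it is, state it in a comment above each `exists:` such as `# root-level manifest only; nested apps are not detected`. Each job definition starts outside its hunk, so any other rules on these jobs are not visible here.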
......