Add note about rules:exists syntax

e79c3b8d · Russell Dickenson · Nick Gaskill · 7dc38e15 · e79c3b8d
Commit e79c3b8d authored Oct 05, 2020 by Russell Dickenson Committed by Nick Gaskill Oct 05, 2020
Hide whitespace changes
Inline Side-by-side

Showing with 9 additions and 0 deletions

doc/user/application_security/sast/index.md doc/user/application_security/sast/index.md +9 -0

No files found.
--- a/doc/user/application_security/sast/index.md
+++ b/doc/user/application_security/sast/index.md
@@ -554,3 +554,12 @@ affected. Read more in
 ### Getting warning message `gl-sast-report.json: no matching files`

 For information on this, see the [general Application Security troubleshooting section](../../../ci/pipelines/job_artifacts.md#error-message-no-files-to-upload).
+
+### Limitation when using rules:exists
+
+The [SAST CI template](https://gitlab.com/gitlab-org/gitlab/-/blob/master/lib/gitlab/ci/templates/Security/SAST.gitlab-ci.yml)
+uses the `rules:exists` parameter. For performance reasons, a maximum number of matches are made
+against the given glob pattern. If the number of matches exceeds the maximum, the `rules:exists`
+parameter returns `true`. Depending on the number of files in your repository, a SAST job might be
+triggered even if the scanner doesn't support your project. For more details about this issue, see
+the [`rules:exists` documentation](../../../ci/yaml/README.md#rulesexists).