diff options
| author | Will Chandler <wchandler@gitlab.com> | 2022-10-06 21:53:50 +0300 |
|---|---|---|
| committer | Will Chandler <wchandler@gitlab.com> | 2022-10-06 21:53:50 +0300 |
| commit | 0822b4bb2067e8a6c3b8f27326de96bdfb7df8aa (patch) | |
| tree | dc2153808817b195c90cdb11cdd313d552ff51c1 | |
| parent | 00a4f875a00d804d23a3bb4f483c6b3745a2b3e5 (diff) | |
ci: Don't move go cache outside of project dirwc/update-sast-ci-dont-move-gomod
With Gosec phased out in favor of the much faster Semgrep-based SAST
scanner, the performance implications of scanning the go cache are
minimal.
Remove the script that moved the `.go` directory outside of the project
directory as it is no longer needed.
| -rw-r--r-- | .gitlab-ci.yml | 12 |
1 files changed, 0 insertions, 12 deletions
diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 9a0865ada..865aa4c6d 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -334,18 +334,6 @@ semgrep-sast: needs: [] cache: - *cache_go_configuration - variables: - GOPATH: "/go" - before_script: - # Our pipeline places GOPATH to $CI_PROJECT_DIR/.go so it can be cached. - # This causes gosec-sast to find the module cache and scan all the sources of - # the dependencies as well. This makes the scan time grow massively. This is - # avoided by this job moving the GOPATH outside of the project directory along - # with the cached modules if they were successfully extracted. - # - # SAST_EXCLUDED_PATHS is not sufficient as it only filters out the results but - # still performs the expensive scan. - - if [ -d .go ]; then mv .go $GOPATH; fi rules: - if: $SAST_DISABLED when: never |