author | GitLab Bot <gitlab-bot@gitlab.com> | 2021-06-13 15:10:15 +0300 |
---|---|---|
committer | GitLab Bot <gitlab-bot@gitlab.com> | 2021-06-13 15:10:15 +0300 |
commit | 2d027c892abf04bbe74d15f205376a27f7107d55 (patch) | |
tree | 25b5424c79000a48248df8a28272b1691788385a | |
parent | 19197d7806afe14fa971c7ce1d107679e26c8a8c (diff) |
Add latest changes from gitlab-org/gitlab@master
-rw-r--r-- | doc/user/application_security/sast/index.md | 18 |
1 files changed, 18 insertions, 0 deletions
diff --git a/doc/user/application_security/sast/index.md b/doc/user/application_security/sast/index.md index ac877fde034..da9b09e92c1 100644 --- a/doc/user/application_security/sast/index.md +++ b/doc/user/application_security/sast/index.md @@ -239,6 +239,24 @@ spotbugs-sast: FAIL_NEVER: 1 ``` +#### Pinning to minor image version + +While our templates use `MAJOR` version pinning to always ensure the latest analyzer +versions are pulled, there are certain cases where it can be beneficial to pin +an analyzer to a specific release. To do so, override the `SAST_ANALYZER_IMAGE_TAG` CI/CD variable +in the job template directly. + +In the example below, we are pinning to a specific patch version of the `spotbugs` analyzer: + +```yaml +include: + - template: Security/SAST.gitlab-ci.yml + +spotbugs-sast: + variables: + SAST_ANALYZER_IMAGE_TAG: "2.28.1" +``` + ### Customize rulesets **(ULTIMATE)** > [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/235382) in GitLab 13.5. |
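Review bot: The new heading "Pinning to minor image version" does not match the body under it, where the sentence introducing the YAML says the example pins "a specific patch version" and the job sets `SAST_ANALYZER_IMAGE_TAG: "2.28.1"`. Either rename the heading to something like "Pinning to a specific analyzer version", or, if minor-level tags are supported, show one alongside the patch-level example. The first paragraph says the templates use `MAJOR` pinning so that the latest analyzer versions are pulled, so the section should also state the trade-off: a job pinned this way stops picking up newer analyzer releases until someone bumps the tag by hand. Last, "in the job template directly" reads as if the template file itself is edited, while the example overrides the variable in the `spotbugs-sast` job of the pipeline that includes the template. Suggest rewording to say that.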