diff options
author | GitLab Bot <gitlab-bot@gitlab.com> | 2022-04-20 13:00:54 +0300 |
---|---|---|
committer | GitLab Bot <gitlab-bot@gitlab.com> | 2022-04-20 13:00:54 +0300 |
commit | 3cccd102ba543e02725d247893729e5c73b38295 (patch) | |
tree | f36a04ec38517f5deaaacb5acc7d949688d1e187 /lib/gitlab/ci/templates/Jobs/SAST.gitlab-ci.yml | |
parent | 205943281328046ef7b4528031b90fbda70c75ac (diff) |
Add latest changes from gitlab-org/gitlab@14-10-stable-eev14.10.0-rc42
Diffstat (limited to 'lib/gitlab/ci/templates/Jobs/SAST.gitlab-ci.yml')
-rw-r--r-- | lib/gitlab/ci/templates/Jobs/SAST.gitlab-ci.yml | 9 |
1 files changed, 8 insertions, 1 deletions
diff --git a/lib/gitlab/ci/templates/Jobs/SAST.gitlab-ci.yml b/lib/gitlab/ci/templates/Jobs/SAST.gitlab-ci.yml index 8cc9ea0200c..7415fa3104c 100644 --- a/lib/gitlab/ci/templates/Jobs/SAST.gitlab-ci.yml +++ b/lib/gitlab/ci/templates/Jobs/SAST.gitlab-ci.yml @@ -7,6 +7,7 @@ variables: # Setting this variable will affect all Security templates # (SAST, Dependency Scanning, ...) SECURE_ANALYZERS_PREFIX: "registry.gitlab.com/security-products" + SAST_IMAGE_SUFFIX: "" SAST_EXCLUDED_ANALYZERS: "" SAST_EXCLUDED_PATHS: "spec, test, tests, tmp" @@ -101,7 +102,11 @@ flawfinder-sast: - if: $CI_COMMIT_BRANCH exists: - '**/*.c' + - '**/*.cc' - '**/*.cpp' + - '**/*.c++' + - '**/*.cp' + - '**/*.cxx' kubesec-sast: extends: .sast-analyzer @@ -246,8 +251,9 @@ semgrep-sast: image: name: "$SAST_ANALYZER_IMAGE" variables: + SEARCH_MAX_DEPTH: 20 SAST_ANALYZER_IMAGE_TAG: 2 - SAST_ANALYZER_IMAGE: "$SECURE_ANALYZERS_PREFIX/semgrep:$SAST_ANALYZER_IMAGE_TAG" + SAST_ANALYZER_IMAGE: "$SECURE_ANALYZERS_PREFIX/semgrep:$SAST_ANALYZER_IMAGE_TAG$SAST_IMAGE_SUFFIX" rules: - if: $SAST_DISABLED when: never @@ -262,6 +268,7 @@ semgrep-sast: - '**/*.tsx' - '**/*.c' - '**/*.go' + - '**/*.java' sobelow-sast: extends: .sast-analyzer |