| ... | @@ -50,7 +50,7 @@ sast: |
... | @@ -50,7 +50,7 @@ sast: |
|
|
- $SAST_DISABLED
|
|
- $SAST_DISABLED
|
|
|
- $SAST_DISABLE_DIND == 'true'
|
|
- $SAST_DISABLE_DIND == 'true'
|
|
|
|
|
|
|
|
.analyzer:
|
|
.sast-analyzer:
|
|
|
extends: sast
|
|
extends: sast
|
|
|
services: []
|
|
services: []
|
|
|
except:
|
|
except:
|
| ... | @@ -60,7 +60,7 @@ sast: |
... | @@ -60,7 +60,7 @@ sast: |
|
|
- /analyzer run
|
|
- /analyzer run
|
|
|
|
|
|
|
|
bandit-sast:
|
|
bandit-sast:
|
|
|
extends: .analyzer
|
|
extends: .sast-analyzer
|
|
|
image:
|
|
image:
|
|
|
name: "$SAST_ANALYZER_IMAGE_PREFIX/bandit:$SAST_ANALYZER_IMAGE_TAG"
|
|
name: "$SAST_ANALYZER_IMAGE_PREFIX/bandit:$SAST_ANALYZER_IMAGE_TAG"
|
|
|
only:
|
|
only:
|
| ... | @@ -70,7 +70,7 @@ bandit-sast: |
... | @@ -70,7 +70,7 @@ bandit-sast: |
|
|
$CI_PROJECT_REPOSITORY_LANGUAGES =~ /python/
|
|
$CI_PROJECT_REPOSITORY_LANGUAGES =~ /python/
|
|
|
|
|
|
|
|
brakeman-sast:
|
|
brakeman-sast:
|
|
|
extends: .analyzer
|
|
extends: .sast-analyzer
|
|
|
image:
|
|
image:
|
|
|
name: "$SAST_ANALYZER_IMAGE_PREFIX/brakeman:$SAST_ANALYZER_IMAGE_TAG"
|
|
name: "$SAST_ANALYZER_IMAGE_PREFIX/brakeman:$SAST_ANALYZER_IMAGE_TAG"
|
|
|
only:
|
|
only:
|
| ... | @@ -80,7 +80,7 @@ brakeman-sast: |
... | @@ -80,7 +80,7 @@ brakeman-sast: |
|
|
$CI_PROJECT_REPOSITORY_LANGUAGES =~ /ruby/
|
|
$CI_PROJECT_REPOSITORY_LANGUAGES =~ /ruby/
|
|
|
|
|
|
|
|
eslint-sast:
|
|
eslint-sast:
|
|
|
extends: .analyzer
|
|
extends: .sast-analyzer
|
|
|
image:
|
|
image:
|
|
|
name: "$SAST_ANALYZER_IMAGE_PREFIX/eslint:$SAST_ANALYZER_IMAGE_TAG"
|
|
name: "$SAST_ANALYZER_IMAGE_PREFIX/eslint:$SAST_ANALYZER_IMAGE_TAG"
|
|
|
only:
|
|
only:
|
| ... | @@ -90,7 +90,7 @@ eslint-sast: |
... | @@ -90,7 +90,7 @@ eslint-sast: |
|
|
$CI_PROJECT_REPOSITORY_LANGUAGES =~ /javascript/
|
|
$CI_PROJECT_REPOSITORY_LANGUAGES =~ /javascript/
|
|
|
|
|
|
|
|
flawfinder-sast:
|
|
flawfinder-sast:
|
|
|
extends: .analyzer
|
|
extends: .sast-analyzer
|
|
|
image:
|
|
image:
|
|
|
name: "$SAST_ANALYZER_IMAGE_PREFIX/flawfinder:$SAST_ANALYZER_IMAGE_TAG"
|
|
name: "$SAST_ANALYZER_IMAGE_PREFIX/flawfinder:$SAST_ANALYZER_IMAGE_TAG"
|
|
|
only:
|
|
only:
|
| ... | @@ -100,7 +100,7 @@ flawfinder-sast: |
... | @@ -100,7 +100,7 @@ flawfinder-sast: |
|
|
$CI_PROJECT_REPOSITORY_LANGUAGES =~ /\b(c\+\+|c)\b/
|
|
$CI_PROJECT_REPOSITORY_LANGUAGES =~ /\b(c\+\+|c)\b/
|
|
|
|
|
|
|
|
kubesec-sast:
|
|
kubesec-sast:
|
|
|
extends: .analyzer
|
|
extends: .sast-analyzer
|
|
|
image:
|
|
image:
|
|
|
name: "$SAST_ANALYZER_IMAGE_PREFIX/kubesec:$SAST_ANALYZER_IMAGE_TAG"
|
|
name: "$SAST_ANALYZER_IMAGE_PREFIX/kubesec:$SAST_ANALYZER_IMAGE_TAG"
|
|
|
only:
|
|
only:
|
| ... | @@ -110,7 +110,7 @@ kubesec-sast: |
... | @@ -110,7 +110,7 @@ kubesec-sast: |
|
|
$SCAN_KUBERNETES_MANIFESTS == 'true'
|
|
$SCAN_KUBERNETES_MANIFESTS == 'true'
|
|
|
|
|
|
|
|
gosec-sast:
|
|
gosec-sast:
|
|
|
extends: .analyzer
|
|
extends: .sast-analyzer
|
|
|
image:
|
|
image:
|
|
|
name: "$SAST_ANALYZER_IMAGE_PREFIX/gosec:$SAST_ANALYZER_IMAGE_TAG"
|
|
name: "$SAST_ANALYZER_IMAGE_PREFIX/gosec:$SAST_ANALYZER_IMAGE_TAG"
|
|
|
only:
|
|
only:
|
| ... | @@ -120,7 +120,7 @@ gosec-sast: |
... | @@ -120,7 +120,7 @@ gosec-sast: |
|
|
$CI_PROJECT_REPOSITORY_LANGUAGES =~ /\bgo\b/
|
|
$CI_PROJECT_REPOSITORY_LANGUAGES =~ /\bgo\b/
|
|
|
|
|
|
|
|
nodejs-scan-sast:
|
|
nodejs-scan-sast:
|
|
|
extends: .analyzer
|
|
extends: .sast-analyzer
|
|
|
image:
|
|
image:
|
|
|
name: "$SAST_ANALYZER_IMAGE_PREFIX/nodejs-scan:$SAST_ANALYZER_IMAGE_TAG"
|
|
name: "$SAST_ANALYZER_IMAGE_PREFIX/nodejs-scan:$SAST_ANALYZER_IMAGE_TAG"
|
|
|
only:
|
|
only:
|
| ... | @@ -130,7 +130,7 @@ nodejs-scan-sast: |
... | @@ -130,7 +130,7 @@ nodejs-scan-sast: |
|
|
$CI_PROJECT_REPOSITORY_LANGUAGES =~ /javascript/
|
|
$CI_PROJECT_REPOSITORY_LANGUAGES =~ /javascript/
|
|
|
|
|
|
|
|
phpcs-security-audit-sast:
|
|
phpcs-security-audit-sast:
|
|
|
extends: .analyzer
|
|
extends: .sast-analyzer
|
|
|
image:
|
|
image:
|
|
|
name: "$SAST_ANALYZER_IMAGE_PREFIX/phpcs-security-audit:$SAST_ANALYZER_IMAGE_TAG"
|
|
name: "$SAST_ANALYZER_IMAGE_PREFIX/phpcs-security-audit:$SAST_ANALYZER_IMAGE_TAG"
|
|
|
only:
|
|
only:
|
| ... | @@ -140,7 +140,7 @@ phpcs-security-audit-sast: |
... | @@ -140,7 +140,7 @@ phpcs-security-audit-sast: |
|
|
$CI_PROJECT_REPOSITORY_LANGUAGES =~ /php/
|
|
$CI_PROJECT_REPOSITORY_LANGUAGES =~ /php/
|
|
|
|
|
|
|
|
pmd-apex-sast:
|
|
pmd-apex-sast:
|
|
|
extends: .analyzer
|
|
extends: .sast-analyzer
|
|
|
image:
|
|
image:
|
|
|
name: "$SAST_ANALYZER_IMAGE_PREFIX/pmd-apex:$SAST_ANALYZER_IMAGE_TAG"
|
|
name: "$SAST_ANALYZER_IMAGE_PREFIX/pmd-apex:$SAST_ANALYZER_IMAGE_TAG"
|
|
|
only:
|
|
only:
|
| ... | @@ -150,7 +150,7 @@ pmd-apex-sast: |
... | @@ -150,7 +150,7 @@ pmd-apex-sast: |
|
|
$CI_PROJECT_REPOSITORY_LANGUAGES =~ /apex/
|
|
$CI_PROJECT_REPOSITORY_LANGUAGES =~ /apex/
|
|
|
|
|
|
|
|
secrets-sast:
|
|
secrets-sast:
|
|
|
extends: .analyzer
|
|
extends: .sast-analyzer
|
|
|
image:
|
|
image:
|
|
|
name: "$SAST_ANALYZER_IMAGE_PREFIX/secrets:$SAST_ANALYZER_IMAGE_TAG"
|
|
name: "$SAST_ANALYZER_IMAGE_PREFIX/secrets:$SAST_ANALYZER_IMAGE_TAG"
|
|
|
only:
|
|
only:
|
| ... | @@ -159,7 +159,7 @@ secrets-sast: |
... | @@ -159,7 +159,7 @@ secrets-sast: |
|
|
$SAST_DEFAULT_ANALYZERS =~ /secrets/
|
|
$SAST_DEFAULT_ANALYZERS =~ /secrets/
|
|
|
|
|
|
|
|
security-code-scan-sast:
|
|
security-code-scan-sast:
|
|
|
extends: .analyzer
|
|
extends: .sast-analyzer
|
|
|
image:
|
|
image:
|
|
|
name: "$SAST_ANALYZER_IMAGE_PREFIX/security-code-scan:$SAST_ANALYZER_IMAGE_TAG"
|
|
name: "$SAST_ANALYZER_IMAGE_PREFIX/security-code-scan:$SAST_ANALYZER_IMAGE_TAG"
|
|
|
only:
|
|
only:
|
| ... | @@ -169,7 +169,7 @@ security-code-scan-sast: |
... | @@ -169,7 +169,7 @@ security-code-scan-sast: |
|
|
$CI_PROJECT_REPOSITORY_LANGUAGES =~ /\b(c\#|visual basic\b)/
|
|
$CI_PROJECT_REPOSITORY_LANGUAGES =~ /\b(c\#|visual basic\b)/
|
|
|
|
|
|
|
|
sobelow-sast:
|
|
sobelow-sast:
|
|
|
extends: .analyzer
|
|
extends: .sast-analyzer
|
|
|
image:
|
|
image:
|
|
|
name: "$SAST_ANALYZER_IMAGE_PREFIX/sobelow:$SAST_ANALYZER_IMAGE_TAG"
|
|
name: "$SAST_ANALYZER_IMAGE_PREFIX/sobelow:$SAST_ANALYZER_IMAGE_TAG"
|
|
|
only:
|
|
only:
|
| ... | @@ -179,7 +179,7 @@ sobelow-sast: |
... | @@ -179,7 +179,7 @@ sobelow-sast: |
|
|
$CI_PROJECT_REPOSITORY_LANGUAGES =~ /elixir/
|
|
$CI_PROJECT_REPOSITORY_LANGUAGES =~ /elixir/
|
|
|
|
|
|
|
|
spotbugs-sast:
|
|
spotbugs-sast:
|
|
|
extends: .analyzer
|
|
extends: .sast-analyzer
|
|
|
image:
|
|
image:
|
|
|
name: "$SAST_ANALYZER_IMAGE_PREFIX/spotbugs:$SAST_ANALYZER_IMAGE_TAG"
|
|
name: "$SAST_ANALYZER_IMAGE_PREFIX/spotbugs:$SAST_ANALYZER_IMAGE_TAG"
|
|
|
only:
|
|
only:
|
| ... | @@ -189,7 +189,7 @@ spotbugs-sast: |
... | @@ -189,7 +189,7 @@ spotbugs-sast: |
|
|
$CI_PROJECT_REPOSITORY_LANGUAGES =~ /java\b/
|
|
$CI_PROJECT_REPOSITORY_LANGUAGES =~ /java\b/
|
|
|
|
|
|
|
|
tslint-sast:
|
|
tslint-sast:
|
|
|
extends: .analyzer
|
|
extends: .sast-analyzer
|
|
|
image:
|
|
image:
|
|
|
name: "$SAST_ANALYZER_IMAGE_PREFIX/tslint:$SAST_ANALYZER_IMAGE_TAG"
|
|
name: "$SAST_ANALYZER_IMAGE_PREFIX/tslint:$SAST_ANALYZER_IMAGE_TAG"
|
|
|
only:
|
|
only:
|