Add PHP language support to gitlab-advanced-sast (!21) · Merge requests · GitLab components / SAST · GitLab

What does this MR do and why?

This MR adds configurable PHP file scanning support to gitlab-advanced-sast through a new input parameter ff_glas_enable_php_support.

Key changes:

Added ff_glas_enable_php_support input (default: true) to control PHP scanning behavior
When enabled: gitlab-advanced-sast scans PHP files, semgrep-sast excludes them
When disabled: semgrep-sast continues to scan PHP files (backward compatible)
Refactored template using !reference tags for better maintainability

Usage:

include:
 - component: gitlab.com/components/sast/sast@latest
   inputs:
     run_advanced_sast: true
     ff_glas_enable_php_support: false  # Optional: disable PHP scanning in Advanced SAST

References

https://gitlab.com/gitlab-org/gitlab/-/issues/523657+s

Manual QA

Before

Project: https://gitlab.com/philipcunningham/manual-qa-glas-php-ci-component
Pipeline: https://gitlab.com/philipcunningham/manual-qa-glas-php-ci-component/-/pipelines/1736011450

After `ff_glas_enable_php_support: false`

Project: https://gitlab.com/philipcunningham/manual-qa-glas-php-ci-component
Pipeline: https://gitlab.com/philipcunningham/manual-qa-glas-php-ci-component/-/pipelines/1833380752

After `ff_glas_enable_php_support: true`

Project: https://gitlab.com/philipcunningham/manual-qa-glas-php-ci-component
Pipeline: https://gitlab.com/philipcunningham/manual-qa-glas-php-ci-component/-/pipelines/1833410544

Edited May 23, 2025 by Philip Cunningham