Add SAST scanning to docs project
Following on from the success of !2352 (merged), let's also add SAST scanning to the project:
- Like in the other MR, we have to override the specific scans that will run in this project, so I've renamed
.dependency-scanning-overrides
to.security-scanning-overrides
and reused it for the SAST jobs. - Adds overrides for only the SAST jobs that should run in this pipeline. Also removes overrides for dependency scanning jobs that don't trigger (because we don't have Maven dependencies, etc)
- Adds all the Security jobs to a new Security stage.
- Sets the
eslint-sast
job to run only after the site is built, so it can scan the generated HTML files. The rest of the jobs can run immediately due toneeds: []
.
Edited by Marcel Amirault