
Add SAST scanning to docs project

Marcel Amirault requested to merge add-SAST-scanning into main

Following on from the success of !2352 (merged), let's also add SAST scanning to the project:

  • Like in the other MR, we have to override the specific scans that will run in this project, so I've renamed .dependency-scanning-overrides to .security-scanning-overrides and reused it for the SAST jobs.
  • Adds overrides for only the SAST jobs that should run in this pipeline. Also removes overrides for dependency scanning jobs that don't trigger (because we don't have Maven dependencies, etc.).
  • Adds all the Security jobs to a new Security stage.
  • Sets the eslint-sast job to run only after the site is built, so it can scan the generated HTML files. The rest of the jobs can run immediately due to needs: [].
Edited by Marcel Amirault
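
A sketch of the job layout the description above outlines, added here as an illustration and not taken from this merge request's diff. Only `eslint-sast`, `.security-scanning-overrides` and `needs: []` come from the description; the `build-site` job, its script, the `public/` path, the stage names and the choice of `semgrep-sast` as the second scanner are assumptions.

```yaml
# Added example, not the project's actual configuration.
include:
  - template: Security/SAST.gitlab-ci.yml

stages:
  - build
  - security

# Hypothetical stand-in for the job that generates the site's HTML.
build-site:
  stage: build
  script:
    - ./build-site.sh        # placeholder build command
  artifacts:
    paths:
      - public/              # assumed output directory

# Shared overrides reused by each scanner job that should run here.
.security-scanning-overrides:
  stage: security
  needs: []                  # no upstream jobs: start as soon as the pipeline does

# Assumed example of a scanner that reads only the repository source.
# Listing .sast-analyzer again keeps the template's script, because a
# local `extends` replaces the one defined in the included template.
semgrep-sast:
  extends:
    - .sast-analyzer
    - .security-scanning-overrides

# Scans the generated HTML, so it waits for the build and fetches its
# artifacts. The job-level `needs` takes precedence over the shared
# `needs: []` inherited through `extends`.
eslint-sast:
  extends:
    - .sast-analyzer
    - .security-scanning-overrides
  needs:
    - job: build-site
      artifacts: true
```

A scanner job from the template that is not overridden this way keeps the template's default stage, so each job that should land in the security stage needs its own override entry.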
