Environment variables to disable SAST analyzers
Problem to solve
In some cases users want to disable specific SAST analyzers because they known these are not compatible with their project. It should be easy to disable some SAST analyzers while still performing SAST analysis on a given project. Also, users willing to disable SAST analyzers shouldn't have to change the job definition of SAST.
Proposal
Introduce environment variables so that users can explicitly disable any SAST analyzer when running SAST. Change the job definition of SAST so that these environment variables are automatically propagated to the sast
command.
Links / references
Edited by Fabien Catteau