Replace SAST job definition with a vendored template
Problem to solve
The job definition for ~sast is frozen and can't be easily updated without creating breaking changes.
Further details
With https://gitlab.com/gitlab-org/gitlab-ce/issues/53445, we'll be able to ship a template embedded with each version of GitLab. The template can be updated from one version to another, without impacting our users.
Proposal
The new official job definition is a single inclusion instruction:
include:
  template: SAST.gitlab-ci.yml
(see the discussion and final syntax)
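An audit check a maintainer could run while migrating projects to the inclusion instruction above. It is an added example, not part of the original issue or GitLab's code. The function names, the `sast` job key for the older inline definition, and the sample configurations are assumptions constructed for illustration.

```ruby
require "yaml"

TEMPLATE = "SAST.gitlab-ci.yml" # template name taken from the proposal
JOB_KEY  = "sast"               # assumption: key of the older inline job

# `include:` may be a single string, a single mapping, or a list of either;
# normalise it to a list of mappings so the check below is uniform.
def include_entries(config)
  raw = config["include"]
  list = raw.is_a?(Array) ? raw : [raw].compact
  list.map { |e| e.is_a?(Hash) ? e : { "path" => e.to_s } }
end

# Returns :vendored, :inline_copy, :vendored_with_local_job or :no_sast.
def classify_sast(yaml_text)
  config = YAML.safe_load(yaml_text, aliases: true) || {}
  return :no_sast unless config.is_a?(Hash)

  vendored = include_entries(config).any? { |e| e["template"] == TEMPLATE }
  inline   = config[JOB_KEY].is_a?(Hash)

  if vendored && inline then :vendored_with_local_job # local keys need review
  elsif vendored        then :vendored
  elsif inline          then :inline_copy             # frozen definition
  else :no_sast
  end
end

# Constructed sample configurations (not taken from any real project).
SAMPLES = {
  "single include" => "include:\n  template: SAST.gitlab-ci.yml\n",
  "list include"   => "include:\n  - local: ci/build.yml\n  - template: SAST.gitlab-ci.yml\n",
  "inline job"     => "sast:\n  script:\n    - ./run-analyzer\n",
  "both"           => "include:\n  template: SAST.gitlab-ci.yml\nsast:\n  variables:\n    FOO: bar\n",
  "other include"  => "include: ci/build.yml\ntest:\n  script: [make]\n"
}

SAMPLES.each { |name, text| puts "#{name}: #{classify_sast(text)}" }
```

Projects reported as `:inline_copy` still carry the frozen definition and will not pick up template updates shipped with new GitLab versions.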
Links / references
Execution
- Add the SAST.gitlab-ci.yml with the contents from the example to the templates dir under the Security subdir
- Test in the development environment on a test project
- Update the ~Documentation for the SAST CI configuration
  - docs page, see https://gitlab.com/gitlab-org/gitlab-ee/merge_requests/9875
  - security products release process (update a link in the section about vendored templates check)
Edited by Victor Zagorodny