Refine SAST analyzer detection beyond base language

Problem to solve

Our SAST templates match on file type, but our analyzers have more refined compatibility requirements; for example, brakeman is Rails-specific, not Ruby-specific. We should update our rules detection accordingly.

Intended users

User experience goal

Fewer failed or unneeded SAST jobs due to analyzer incompatibility

Proposal

Update the rules logic for the relevant SAST jobs

Further details

Relevant analyzers:

  • brakeman-sast should rely on Rails detection (config/routes.rb)
  • nodejs-scan-sast should rely on package.json detection
  • sobelow-sast should rely on mix.exs detection
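As an added illustration (not the project's own SAST.gitlab-ci.yml), the following GitLab CI fragment shows how the three jobs' `rules:exists` clauses could be narrowed from a language-wide file match to the framework marker files listed above. The `.sast-analyzer` base job, the `$SAST_DISABLED` guard and the `'**/*.rb'`-style "before" pattern are assumptions about the current template.

```yaml
# Added example, not the project's template. Job names, the .sast-analyzer
# base job and the "before" glob patterns are assumed.

# Before (assumed): the rule matches on file type, so brakeman is scheduled
# for any Ruby repository, including non-Rails ones, and then fails or finds
# nothing:
#
#   rules:
#     - if: $SAST_DISABLED
#       when: never
#     - if: $CI_COMMIT_BRANCH
#       exists:
#         - '**/*.rb'

# After: require the framework-specific marker file instead. `if` and `exists`
# in the same rule are ANDed, so the job only runs when both hold.
brakeman-sast:
  extends: .sast-analyzer
  rules:
    - if: $SAST_DISABLED
      when: never
    - if: $CI_COMMIT_BRANCH
      exists:
        - '**/config/routes.rb'   # Rails detection, as proposed in this issue

nodejs-scan-sast:
  extends: .sast-analyzer
  rules:
    - if: $SAST_DISABLED
      when: never
    - if: $CI_COMMIT_BRANCH
      exists:
        - '**/package.json'       # Node.js project marker

sobelow-sast:
  extends: .sast-analyzer
  rules:
    - if: $SAST_DISABLED
      when: never
    - if: $CI_COMMIT_BRANCH
      exists:
        - '**/mix.exs'            # Elixir/Phoenix (Mix) project marker
```

The `**/` prefix keeps detection working for monorepos where the application lives in a subdirectory; dropping it would restrict each job to marker files at the repository root.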

Permissions and Security

Documentation

Availability & Testing

What does success look like, and how can we measure that?

What is the type of buyer?

GitLab Ultimate

Is this a cross-stage feature?

No

Links / references

Edited by Lucas Charles