No QA for SAST in master branch of test projects
Summary
There's no QA job for SAST in the pipelines of the test projects where SAST has been set up, in the master branch. That's because SAST_DISABLE_DIND is now true by default, and the pipeline has multiple SAST jobs, but there's only one single QA job that won't work in no-DinD mode. SAST_DISABLE_DIND has to be forced to false so that the master branch checks SAST in DinD mode.
See #218554 (closed) for a similar issue affecting Dependency Scanning.
Steps to reproduce
trigger a pipeline for the master branch of a test project and look for qa-sast jobs
Example Project
https://gitlab.com/gitlab-org/security-products/tests/java-maven-multimodules/pipelines/148729756
What is the current bug behavior?
no SAST QA job
What is the expected correct behavior?
successful SAST QA job
Relevant logs and/or screenshots
https://gitlab.com/gitlab-org/security-products/tests/java-maven-multimodules/pipelines/148729756
Possible fixes
Force SAST_DISABLE_DIND to false in the master branch of the test projects where SAST has been set up.
Alternatively, this can be set at the group level for the time being, until we merge the no_dind-FREEZE branches into master.
We cannot set the variable at the group level because it takes precedence over the variable defined in the CI configuration file, in the no_dind-FREEZE branch.