SAST rules for manual non-blocking jobs
Is there a way to include the SAST template in CI and make all SAST jobs non-blocking and manual?
There are a couple of ways / workarounds I tried.
Just including SAST template and overriding rules does not work. If I put
    .sast-analyzer:
      rules:
        - when: manual
      allow_failure: true
it has no effect.
Perhaps, because of the way deep merge works on the rules section, and the order of includes.
If I put lots of individual SAST jobs like this
    brakeman-sast:
      rules:
        - when: manual
      allow_failure: true
it's even worse.
This way I seem to completely override rules, including the part that matches file extensions.
So I have all possible SAST jobs and I had to duplicate all of that for all jobs.
For now I just copied the SAST template, manually modified the rules for each job and included it in my CI.
Is this how it is supposed to be? Is this really the best way to achieve it?
Edited by Taylor McCaslin
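
The merge behaviour suspected in the post above, modelled as an added Python example (not part of the original post and not GitLab's code). It assumes GitLab's documented semantics that hashes are deep-merged while arrays such as `rules` are replaced whole, and it uses a constructed, abbreviated stand-in for the SAST template in which each analyzer job carries its own `rules`.

```python
import copy

# Constructed, abbreviated stand-in for the included SAST template (not the real file).
TEMPLATE = {
    "sast": {"stage": "test", "rules": [{"when": "never"}]},
    ".sast-analyzer": {"extends": "sast", "allow_failure": True},
    "brakeman-sast": {
        "extends": ".sast-analyzer",
        "rules": [{"if": "$CI_COMMIT_BRANCH", "exists": ["**/*.rb"]}],
    },
}

# The override both attempts in the post apply.
MANUAL = {"rules": [{"when": "manual"}], "allow_failure": True}


def deep_merge(base, override):
    """Hashes merge key by key; any other value, arrays included, is replaced whole."""
    out = copy.deepcopy(base)
    for key, value in override.items():
        if isinstance(value, dict) and isinstance(out.get(key), dict):
            out[key] = deep_merge(out[key], value)
        else:
            out[key] = copy.deepcopy(value)
    return out


def resolve(config, name):
    """Resolve single-parent `extends`: the job's own keys win over inherited ones."""
    job = dict(config[name])
    parent = job.pop("extends", None)
    return deep_merge(resolve(config, parent), job) if parent else job


def effective_job(local_overrides, name="brakeman-sast"):
    """Merge the local CI file over the template, then resolve the named job."""
    return resolve(deep_merge(TEMPLATE, local_overrides), name)


if __name__ == "__main__":
    # Attempt 1: override only the hidden parent; the job's own rules still win.
    print(effective_job({".sast-analyzer": MANUAL})["rules"])
    # Attempt 2: override the job itself; the whole rules array, `exists` included, is replaced.
    print(effective_job({"brakeman-sast": MANUAL})["rules"])
```
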