Bring SAST to Core - brakeman
Full requirements listing in &2098 (closed)
Scope of this issue specifically
brakeman scanning, when Docker-in-Docker is disabled - SAST_DISABLE_DIND = true
Plan
Implementation Plan
- Update SAST vendored template - MR
  - [-] Add code to create `$FEATURES` environment variable from `$GITLAB_FEATURES` before it is unset so that we can use it as a feature flag of sorts in the case we need to rollback
  - [-] Remove check for /sast/ in features for the brakeman analyzers for the DIND-free version.
  - [-] Ensure support for downloading artifact
- Update documentation - MR
- Update license for the repository from EE License to MIT Expat - MR
- Ensure rollback plan for brakeman analyzer is viable and ready in case it is needed
- Explicitly state that we will not be supporting brakeman in Core when Docker-in-Docker is enabled.
Rollback Plan
- Add check for /sast/ in `$FEATURES` to the brakeman analyzer and release new version
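The two pieces of logic the implementation plan and rollback plan describe, as an added shell model that is not GitLab's template or analyzer code: `$GITLAB_FEATURES` is assumed to be the comma-separated feature list injected into CI jobs, the `/sast/` check is modelled as a substring match, and `should_run_brakeman` and its `mode` argument are hypothetical names for the gate.

```shell
#!/bin/sh
# Added example (not the vendored SAST template or the brakeman analyzer itself).

# Template step: copy GITLAB_FEATURES into FEATURES before GITLAB_FEATURES is
# unset, so the analyzer can still read it as a feature flag for a rollback.
preserve_features() {
  FEATURES="$1"        # $1 stands in for the GITLAB_FEATURES value (assumption)
  export FEATURES
  printf '%s\n' "$FEATURES"
}

# The /sast/ check: does the comma-separated feature list mention "sast"?
has_sast_feature() {
  case "$1" in
    *sast*) return 0 ;;
    *)      return 1 ;;
  esac
}

# Gate for the brakeman job (hypothetical name and mode argument).
#   dind-free: the /sast/ check is removed, so any user with SAST_DISABLE_DIND=true
#              (including Core) runs the analyzer.
#   rollback:  the /sast/ check is reinstated against FEATURES, restricting the
#              analyzer to licensed users again.
# The Docker-in-Docker-enabled flow is out of scope and is rejected here.
should_run_brakeman() {
  mode="$1"; features="$2"; disable_dind="$3"
  [ "$disable_dind" = "true" ] || return 1
  case "$mode" in
    dind-free) return 0 ;;
    rollback)  has_sast_feature "$features" ;;
    *)         return 2 ;;
  esac
}

# Demo with constructed feature lists: a Core user (no sast feature) and an
# Ultimate user (sast feature present).
for mode in dind-free rollback; do
  for features in "audit_events" "audit_events,sast,dast"; do
    if should_run_brakeman "$mode" "$features" true; then
      echo "$mode [$features]: brakeman runs"
    else
      echo "$mode [$features]: brakeman skipped"
    fi
  done
done
```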
Test Plan
- Test analyzers as a core user
  - [-] Verify Capability table from Epic
  - [-] Test `$SAST_DISABLE_DIND == 'true'`
- Test analyzers as an ultimate user
  - [-] Verify Capability table from Epic
  - [-] Test `$SAST_DISABLE_DIND == 'true'`
Out of Scope
We will NOT be updating brakeman as part of this issue. That will happen in a subsequent issue once this is completed.
Edited by rossfuhrman