Update parsing of *_DISABLED variables in Secure vendored templates
Summary
For the Secure scanners, there are *_DISABLED variables that can be set to disable the job. SAST, for example: SAST_DISABLED: "true"
Setting the value to false does not work as expected, and the job will get disabled anyway.
- Update the *.latest.gitlab-ci.yml files and corresponding specs
  - group::composition analysis - Composition Analysis: Update parsing of *_DISAB... (!116033 - merged) • rossfuhrman • 15.11
  - group::dynamic analysis - Dynamic Analysis: Update parsing of *_DISABLED ... (!115576 - merged) • rossfuhrman AND Dynamic Analysis: Update parsing of *_DISABLED ... (!118232 - merged) • rossfuhrman • 16.0
  - group::static analysis - Static Analysis: Update parsing of *_DISABLED v... (!111858 - merged) • rossfuhrman • 15.10
- Update the docs (in %16.0) after Transition latest security templates to stable ... (#388988 - closed) is merged
  - group::composition analysis - Doc updates for Secure *_DISABLED variables (!117920 - merged) • rossfuhrman • 16.0
  - group::dynamic analysis - same as above
  - group::static analysis - same as above
Steps to reproduce
This can be tested in the project settings under CI/CD variables by adding the variable.
It can also be tested by adding the variable in a GitLab CI YAML file.
Or test it from within a compliance pipeline by adding the variable there.
What is the current bug behavior?
Regardless of the value of the variable, the job is always disabled (prevented from running).
The job does not run even when the variable is set to false.
What is the expected correct behavior?
When the variable is set to false, the job should run.
When entered in a compliance pipeline, one will want to use this setting to prevent a user from disabling the job in the project.
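
The reported behaviour is consistent with a presence-only rule such as if: $SAST_DISABLED, because GitLab's rules:if treats any defined, non-empty value (including "false") as a match. The following is an added example, not code from this issue or from GitLab's templates: it models that check beside an explicit comparison and scans CI YAML text for presence-only *_DISABLED rules. The sample YAML, the function names and the explicit comparison form are assumptions.

```python
import re

# Constructed sample, not a GitLab template: one job with a presence-only
# check and one with an explicit comparison (assumed corrected form).
SAMPLE_CI = """\
sast_presence_check:
  rules:
    - if: $SAST_DISABLED
      when: never
    - if: $CI_COMMIT_BRANCH
sast_explicit_check:
  rules:
    - if: $SAST_DISABLED == 'true' || $SAST_DISABLED == '1'
      when: never
    - if: $CI_COMMIT_BRANCH
"""

IF_LINE = re.compile(r"^\s*-?\s*if:\s*(.+?)\s*$")
BARE_VAR = re.compile(r"\$(\w+_DISABLED)")

def presence_check(value):
    """Model of `if: $VAR`: matches when VAR is defined and non-empty."""
    return value is not None and value != ""

def explicit_check(value):
    """Model of `if: $VAR == 'true' || $VAR == '1'`."""
    return value in ("true", "1")

def find_presence_only_checks(ci_text):
    """Return (line_number, variable) for each rules:if clause that tests a
    *_DISABLED variable without comparing it to a value."""
    findings = []
    for number, line in enumerate(ci_text.splitlines(), 1):
        match = IF_LINE.match(line)
        if not match:
            continue
        # Split on the logical operators and inspect each clause on its own.
        for clause in re.split(r"&&|\|\|", match.group(1)):
            bare = BARE_VAR.fullmatch(clause.strip(" ()\"'"))
            if bare:
                findings.append((number, bare.group(1)))
    return findings

if __name__ == "__main__":
    for value in (None, "", "true", "1", "false"):
        print(repr(value), presence_check(value), explicit_check(value))
    print(find_presence_only_checks(SAMPLE_CI))
```

The same scan can be run over custom templates or a compliance pipeline configuration to find jobs that any non-empty value would switch off.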