Feature to exclude lines of code in SAST scans
Release notes
Ability to exclude lines of code from the vulnerability report for all SAST scanners.
Problem to solve
Currently, we have the SAST_EXCLUDED_PATHS environment variable to exclude results from certain files or directories. However, it would be better to also be able to specify individual lines of code, for a more fine-grained approach.
Proposal
It might be difficult to implement, but one way to do this is to have a dedicated file in the repository, which GitLab would parse to determine which lines of code to remove from the final output of the vulnerability report.
The file would contain the full file path and the lines of code whose vulnerabilities we want to exclude.
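The post-processing step the proposal describes, as an added example that is not part of this issue or of GitLab's code: it reads a gl-sast-report.json (field names assumed from the GitLab SAST report schema) and a hypothetical exclusion file of `path:line` / `path:start-end` entries, and drops findings whose location overlaps an excluded range. Both inputs below are constructed samples.

```python
# Constructed exclusion file for the proposed feature (format is hypothetical:
# one "<path>:<line>" or "<path>:<start>-<end>" per line, '#' starts a comment).
EXCLUSIONS_TEXT = """\
# reviewed: fixture credentials, not real
src/app.py:42
src/legacy/db.py:10-20
"""

# Constructed gl-sast-report.json excerpt; field names follow the GitLab SAST
# report schema (assumed: vulnerabilities[].location.{file,start_line,end_line}).
REPORT = {"vulnerabilities": [
    {"id": "a", "name": "Hardcoded secret",
     "location": {"file": "src/app.py", "start_line": 42, "end_line": 42}},
    {"id": "b", "name": "SQL injection",
     "location": {"file": "src/legacy/db.py", "start_line": 15, "end_line": 17}},
    {"id": "c", "name": "SQL injection",
     "location": {"file": "src/legacy/db.py", "start_line": 30, "end_line": 31}},
    {"id": "d", "name": "Weak hash",  # some scanners omit end_line
     "location": {"file": "src/app.py", "start_line": 42}},
]}


def parse_exclusions(text):
    """Return {path: [(start, end), ...]} from the exclusion file text."""
    rules = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        path, _, span = line.rpartition(":")  # rpartition: paths may contain ':'
        start, _, end = span.partition("-")
        if not path or not start.isdigit() or not (end or start).isdigit():
            raise ValueError(f"bad exclusion entry: {raw!r}")
        rules.setdefault(path, []).append((int(start), int(end or start)))
    return rules

def is_excluded(vuln, rules):
    """True if the finding's line range overlaps an excluded range in its file."""
    loc = vuln.get("location", {})
    start = loc.get("start_line")
    if start is None:  # no line info: keep the finding rather than drop it silently
        return False
    end = loc.get("end_line", start)
    return any(s <= end and start <= e for s, e in rules.get(loc.get("file"), []))

def filter_report(report, rules):
    """Return a copy of the report without the excluded findings."""
    kept = [v for v in report["vulnerabilities"] if not is_excluded(v, rules)]
    return {**report, "vulnerabilities": kept}
```

Line-based exclusions go stale as soon as code above the listed line is edited, so the exclusion file needs to be reviewed alongside changes to the files it names.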