Prepare sast CI component for GA
Overview
This issue is used to keep track of all action items resulting from the validation process of the newly created sast CI component in this thread. This happens as part of dogfooding some of the CI components created by converting existing CI templates into components, as we work on compiling a catalog of CI components and preparing them for GA (General Audience).
Issues
SAST_DISABLED
Using the following snippet to disable the sast job, as described in the component's README, does not work:

```yaml
include:
  - component: gitlab.com/gitlab-components/sast@main
    rules:
      - if: $SAST_DISABLED != "true"
```
Instead, users of the component need to use `when: never` in addition to `include:rules`, as follows:

```yaml
include:
  - component: gitlab.com/gitlab-components/sast@main
    rules:
      - if: $SAST_DISABLED == "true" || $SAST_DISABLED == "1"
        when: never
```
And also define the variable in their `.gitlab-ci.yml` file:

```yaml
variables:
  SAST_DISABLED: 'true'
```
SECURE_ANALYZERS_PREFIX, SAST_EXCLUDED_ANALYZERS, SAST_ANALYZER_IMAGE_TAG, SAST_IMAGE_SUFFIX, SAST_EXCLUDED_PATHS, SEARCH_MAX_DEPTH, SCAN_KUBERNETES_MANIFESTS, and SAST_EXPERIMENTAL_FEATURES
These variables were removed in favour of corresponding inputs, in line with the guideline to replace variables with inputs when they are only used for YAML evaluation and not at runtime:
| Variable | Corresponding Input |
|---|---|
| SECURE_ANALYZERS_PREFIX | image_prefix |
| SAST_EXCLUDED_ANALYZERS | excluded_analyzers |
| SAST_ANALYZER_IMAGE_TAG | image_tag |
| SAST_IMAGE_SUFFIX | image_suffix |
| SAST_EXCLUDED_PATHS | excluded_paths |
| SEARCH_MAX_DEPTH | search_max_depth |
| SCAN_KUBERNETES_MANIFESTS | run_kubesec_sast |
| SAST_EXPERIMENTAL_FEATURES | include_experimental |
As a result, we have to update the documentation to reflect that change, and ensure users of both the template and the component are aware of when to use which.
We might also want to rename the inputs to be closer to the variables they replace (e.g. scan_kubernetes_manifests instead of run_kubesec_sast) to ensure consistency and reduce the maintenance burden for users.
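To show how the two points above fit together in a single pipeline configuration, here is an added example of a consumer's `.gitlab-ci.yml` (not taken from the component's README or from this issue) that passes the inputs from the table instead of the removed variables and applies the `when: never` workaround for `SAST_DISABLED`. The input values are made-up sample values, and the assumption that `excluded_analyzers` and `excluded_paths` take comma-separated strings and `search_max_depth` takes an integer (mirroring the variables they replace) is mine, not something this issue states.

```yaml
# Added example: component-style configuration for the sast component.
# Each input is annotated with the template variable it replaces (see the
# variable/input table above). Values are constructed sample values.
include:
  - component: gitlab.com/gitlab-components/sast@main
    inputs:
      image_prefix: "$CI_TEMPLATE_REGISTRY_HOST/security-products"  # was SECURE_ANALYZERS_PREFIX
      excluded_analyzers: "brakeman,kubesec"                        # was SAST_EXCLUDED_ANALYZERS (assumed comma-separated)
      excluded_paths: "spec,test,tests,tmp"                         # was SAST_EXCLUDED_PATHS (assumed comma-separated)
      search_max_depth: 4                                           # was SEARCH_MAX_DEPTH (assumed integer)
      include_experimental: false                                   # was SAST_EXPERIMENTAL_FEATURES
    # The `!= "true"` form from the README does not disable the job;
    # the job is only skipped when the rule explicitly says `when: never`.
    rules:
      - if: $SAST_DISABLED == "true" || $SAST_DISABLED == "1"
        when: never

# SAST_DISABLED is still a pipeline variable (it is evaluated by the rule
# above), so it stays under `variables:` rather than becoming an input.
# Set it to 'true' to skip the sast job; any other value keeps the job.
variables:
  SAST_DISABLED: 'false'
```

Users of the legacy template keep setting the variables on the left-hand side of the table under `variables:`; only consumers of the component switch to `inputs:`. `SAST_DISABLED` is the one setting that is still a variable in both cases, which is why it needs the `rules` entry rather than an input.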
Action Items
- Update the component's README to show how to properly use SAST_DISABLED.
  - Note: Done via gitlab-components/sast!5 (merged).
- Update documentation to ensure:
  - Users are aware of variables replaced with inputs and when to use which.
  - Users are aware of how to use SAST_DISABLED as shown in the component's README.