nodejs-scan-sast semgrep timeout

Summary

nodejs-scan-sast and semgrep-sast both run.

  • NodeJsScan's Semgrep Core times out

Need a way to extend timeouts.

Steps to reproduce

  1. Add to the pipeline .yaml:

     ```yaml
     include:
       - template: Security/SAST.gitlab-ci.yml

     sast:
       stage: test
     ```

  2. Trigger the pipeline

The nodejs-sast-scan job will report a variable number of timeouts.

Example Project

N/A

What is the current bug behavior?

See summary.

What is the expected correct behavior?

A way to manually extend NodeJsScan's timeout is exposed to pipeline end-users.

Relevant logs and/or screenshots

[WARN] [NodeJsScan] ... [/go/src/app/convert.go:71] ▶ njsscan error: Timeout, Semgrep Core WARN - Timeout: When running ...: Run_semgrep.timeout_function:5

Output of checks

Results of GitLab environment info


(For installations with omnibus-gitlab package run and paste the output of:
`sudo gitlab-rake gitlab:env:info`)

(For installations from source run and paste the output of:
`sudo -u git -H bundle exec rake gitlab:env:info RAILS_ENV=production`)

Results of GitLab application Check


(For installations with omnibus-gitlab package run and paste the output of:
`sudo gitlab-rake gitlab:check SANITIZE=true`)

(For installations from source run and paste the output of:
`sudo -u git -H bundle exec rake gitlab:check RAILS_ENV=production SANITIZE=true`)

(we will only investigate if the tests are passing)

Possible fixes

Edited by Sponge