Adherence check - Static Application Security Testing (SAST)
Problem to solve
To adhere to regulatory standards and to provide evidence of compliance, I need to be able to generate a report for auditors detailing the last date/time each of my repositories was scanned by each security scanner. I would also leverage this data to take action against projects that are out of compliance, bring them into compliance, and ensure that scanners are properly enabled and enforced to run.
Proposal
Add an adherence check for the "GitLab Standard" that checks that Static Application Security Testing (SAST) is enabled on the project.
SAST can be enabled through the UI to configure it for the current project. For more details, see https://docs.gitlab.com/ee/user/application_security/sast/index.html#configure-sast-by-using-the-ui
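As an added illustration of the check this proposal asks for (example code, not GitLab's own implementation): the script below evaluates, per project, whether SAST is enabled and whether it actually ran in the latest pipeline, and records the last scan time for the auditor report. It runs offline over a constructed sample response whose shape follows the GitLab GraphQL `securityScanners { enabled pipelineRun }` and `pipelines { nodes { finishedAt } }` fields as I understand them; the project paths, dates and the `SAST_ADHERENCE_QUERY` string are assumptions for the example.

```python
"""Offline SAST adherence check over a constructed GitLab GraphQL response.

Example code only; not part of the original issue or of GitLab itself.
"""
from datetime import datetime, timezone

# Query I would send to GitLab's GraphQL API (assumed schema; the `after`
# cursor paging and group path are placeholders).
SAST_ADHERENCE_QUERY = """
query($group: ID!, $after: String) {
  group(fullPath: $group) {
    projects(includeSubgroups: true, after: $after) {
      pageInfo { hasNextPage endCursor }
      nodes {
        fullPath
        securityScanners { enabled pipelineRun }
        pipelines(first: 1) { nodes { finishedAt } }
      }
    }
  }
}
"""

# Constructed sample response (made-up projects and timestamps).
SAMPLE_RESPONSE = {
    "data": {"group": {"projects": {"nodes": [
        {"fullPath": "example-group/payments",
         "securityScanners": {"enabled": ["SAST", "SECRET_DETECTION"],
                              "pipelineRun": ["SAST"]},
         "pipelines": {"nodes": [{"finishedAt": "2024-01-10T12:00:00Z"}]}},
        {"fullPath": "example-group/legacy",
         "securityScanners": {"enabled": [], "pipelineRun": []},
         "pipelines": {"nodes": []}},
        {"fullPath": "example-group/web",
         "securityScanners": {"enabled": ["SAST"], "pipelineRun": []},
         "pipelines": {"nodes": [{"finishedAt": "2023-06-01T08:30:00Z"}]}},
    ]}}}
}


def _parse_ts(value):
    """Parse an ISO-8601 timestamp with a trailing Z into an aware datetime."""
    if value is None:
        return None
    return datetime.fromisoformat(value.replace("Z", "+00:00")).astimezone(timezone.utc)


def check_scanner_adherence(response, scanner="SAST"):
    """Return one report row per project for the given scanner.

    status is "compliant" when the scanner is enabled and ran in the latest
    pipeline, "enabled_not_run" when it is configured but the latest pipeline
    did not execute it, and "not_enabled" otherwise.
    """
    rows = []
    for node in response["data"]["group"]["projects"]["nodes"]:
        scanners = node.get("securityScanners") or {}
        enabled = scanner in (scanners.get("enabled") or [])
        ran = scanner in (scanners.get("pipelineRun") or [])
        pipelines = (node.get("pipelines") or {}).get("nodes") or []
        latest_finished = _parse_ts(pipelines[0]["finishedAt"]) if pipelines else None
        if enabled and ran:
            status = "compliant"
        elif enabled:
            status = "enabled_not_run"
        else:
            status = "not_enabled"
        rows.append({
            "project": node["fullPath"],
            "scanner": scanner,
            "enabled": enabled,
            "ran_in_latest_pipeline": ran,
            # Only a pipeline that actually ran the scanner counts as a scan.
            "last_scan_at": latest_finished if ran else None,
            "status": status,
        })
    return rows


def noncompliant_projects(rows):
    """Project paths that need follow-up, in report order."""
    return [r["project"] for r in rows if r["status"] != "compliant"]


if __name__ == "__main__":
    for row in check_scanner_adherence(SAMPLE_RESPONSE):
        print(f'{row["project"]:<28} {row["status"]:<16} {row["last_scan_at"]}')
```

The distinction between "enabled" and "ran in the latest pipeline" is what makes the report useful to an auditor: a project can have the SAST template included yet never execute the job (for example because of rules that skip it), so the check treats only an executed scan as evidence of coverage.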
Implementation plan
Edited by Nate Rosandich