Test and fix all remote SAST remote configuration and backport to 16.11
Why are we doing this work?
Security secret detection scan doesn't pick up ... (#425251 - closed) • Ethan Urie, Ahmed Hemdan • 17.0 deals with an issue causing all SAST and IaC analyzers to ignore remote rulesets. Once that has been addressed, the fix must be backported to version 4 of all the SAST/IaC analyzers, so that customers who do not upgrade to %17.0 immediately don't need to upgrade to get the fix.
Implementation Plan
- Fix custom ruleset issue and apply to analyzers that support passthrough
  - Fix bug in ruleset: Fix: do not update file passthrough value for l... (gitlab-org/security-products/analyzers/ruleset!34 - merged) • Craig Smith • 17.2
  - Install updated version of ruleset in analyzers that support passthrough:
- Backport fixes to semgrep by applying the following changes to the v4 branch (this is done by semgrep/!452)
  - Fix issue where remote rulesets are being ignored (gitlab-org/security-products/analyzers/semgrep!447 - merged) • Craig Smith • 17.2
  - Since the above MR upgrades report, hardcode the report version to 15.0.7
Edited by Craig Smith