Document SAST Rust support
Problem to Solve
In "Enable Support for Rust in Semgrep Analyzer" (gitlab-org/security-products/analyzers/semgrep!414, merged, Zachary Yates, 17.1), Rust was added as a supported language in the GitLab Semgrep analyzer. However, this change only allows customers to start scanning Rust using custom configurations.
To scan Rust, customers must:
- Override their SAST CI configuration
- Add custom Rust rules
An example customer CI configuration for a Semgrep pipeline could be:
include:
  - template: Jobs/SAST.gitlab-ci.yml

semgrep-sast:
  rules:
    - if: $SAST_DISABLED == 'true' || $SAST_DISABLED == '1'
      when: never
    - if: $SAST_EXCLUDED_ANALYZERS =~ /semgrep/
      when: never
    - if: $CI_COMMIT_BRANCH
      exists:
        - '**/*.py'
        - '**/*.js'
        - '**/*.jsx'
        - '**/*.ts'
        - '**/*.tsx'
        - '**/*.c'
        - '**/*.cc'
        - '**/*.cpp'
        - '**/*.c++'
        - '**/*.cp'
        - '**/*.cxx'
        - '**/*.go'
        - '**/*.java'
        - '**/*.html'
        - '**/*.cs'
        - '**/*.scala'
        - '**/*.sc'
        - '**/*.php'
        - '**/*.swift'
        - '**/*.m'
        - '**/*.rb'
        - '**/*.kt'
        - '**/*.rs' # add Rust file extension
This functionality is not documented on the SAST documentation page and could lead to customer confusion.
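A custom Rust rule file of the kind the second step above calls for, as an added example that is not part of the original issue or of the GitLab analyzer's rule set. The file name, rule ids and messages are constructed for illustration, and how the file is handed to the analyzer is not covered here.

```yaml
# rust-rules.yml (constructed file name): Semgrep rules that target Rust sources.
rules:
  # Flags every unsafe block so a reviewer can check the invariants it relies on.
  - id: example-rust-unsafe-block            # constructed rule id
    languages: [rust]
    severity: WARNING
    message: >-
      unsafe block: the compiler's memory-safety guarantees do not apply
      inside it. Review the invariants this block depends on.
    pattern: unsafe { ... }
    metadata:
      category: security
      cwe: "CWE-242: Use of Inherently Dangerous Function"

  # Flags reqwest client builders that switch off TLS certificate validation.
  - id: example-rust-reqwest-accept-invalid-certs   # constructed rule id
    languages: [rust]
    severity: ERROR
    message: >-
      TLS certificate validation is disabled on this reqwest client builder.
      Remove the call or restrict it to test-only code.
    pattern: $BUILDER.danger_accept_invalid_certs(true)
    metadata:
      category: security
      cwe: "CWE-295: Improper Certificate Validation"
```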
Possible Solution
Add a "Scanning Rust applications" section to the documentation.
Edited by Craig Smith