Include Artifacts:Path in SAST Template for Release Evidence

Challenge

The GitLab SAST template does not currently include the artifacts:path required for capturing release evidence. Because of this, customers have to reference artifacts:path and artifacts:report in the project YAML to override the template's job, causing duplicate effort and challenges with scalability.

Proposal

Include artifacts:path in all devops application security testing templates so that artifacts can be captured in release evidence, similar to how the container scanning template and the dependency scanning template are configured.

Examples of templates missing artifacts:path:

  • SAST
  • Secret Detection

Implementation plan

  • Add artifacts:path to the templates below
    • Code quality
    • SAST IaC
    • SAST IaC latest
    • SAST
    • SAST latest
    • Secret detection
    • Secret detection latest
Edited May 26, 2025 by Thiago Figueiró
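
The per-project override described under Challenge, shown as an added example that is not part of the original issue or of GitLab's templates. It assumes the stable `Jobs/` templates and the default report file names `gl-sast-report.json` and `gl-secret-detection-report.json`, and uses the keyword spellings GitLab CI accepts, `artifacts:paths` and `artifacts:reports`.

```yaml
# .gitlab-ci.yml (project level) -- added example, not taken from the issue.
# Assumption: the stable templates and their default report file names are in use.
include:
  - template: Jobs/SAST.gitlab-ci.yml
  - template: Jobs/Secret-Detection.gitlab-ci.yml

# `sast` is the base job in the SAST template; analyzer jobs such as
# semgrep-sast extend it, so keys set here are inherited by them.
sast:
  artifacts:
    # paths: keeps the file as a regular job artifact, which is what
    # release evidence collects.
    paths:
      - gl-sast-report.json
    # reports: is what the template already declares; it is repeated here
    # so the override states the full artifacts block explicitly.
    reports:
      sast: gl-sast-report.json

secret_detection:
  artifacts:
    paths:
      - gl-secret-detection-report.json
    reports:
      secret_detection: gl-secret-detection-report.json
```

Every project that needs scanner reports in release evidence has to carry a block like this today, which is the duplication the proposal removes by moving the `paths` entries into the templates themselves.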