Remove SAST_EXCLUDED_PATHS from SAST CI template
Why are we doing this work
A bug (#479820 (closed)) caused Semgrep jobs to scan files already handled by GitLab Advanced SAST (GLAS) when a Scan Execution Policy (SEP) was configured.
This happened because the customization of SAST_EXCLUDED_PATHS in the SAST CI template was overridden by the default SEP value.
To fix this, we introduced a new variable, SAST_SEMGREP_EXCLUDED_PATHS, in the SAST CI template.
To avoid a regression in the Semgrep analyzer, we should not remove SAST_EXCLUDED_PATHS until %19.0, when we release a major version of the analyzer.
Relevant links
In Scan Execution Policies, Semgrep also scans ... (#479820 - closed)
Implementation plan
- In %19.0, remove the following lines (added in !202167 (merged)) from both SAST.gitlab-ci.yml and SAST.latest.gitlab-ci.yml:

      # Customization of SAST_EXCLUDED_PATHS to be removed in 19.0, more details <todo add issue link>
      SAST_EXCLUDED_PATHS: "$DEFAULT_SAST_EXCLUDED_PATHS, **/*.py, **/*.go, **/*.java, **/*.js, **/*.jsx, **/*.ts, **/*.tsx, **/*.cjs, **/*.mjs, **/*.cs, **/*.rb, **/*.php"
Edited by Shao Ming Tan