Environment variables to disable SAST analyzers

Problem to solve

In some cases, users want to disable specific SAST analyzers because they know these are not compatible with their project. It should be easy to disable some SAST analyzers while still performing SAST analysis on a given project. Also, users willing to disable SAST analyzers shouldn't have to change the job definition of SAST.

Proposal

Introduce environment variables so that users can explicitly disable any SAST analyzer when running SAST. Change the job definition of SAST so that these environment variables are automatically propagated to the sast command.

Links / references

Edited Sep 24, 2018 by Fabien Catteau