From ceee8ff17d4e938ecab2aa0d3e7b74371130705e Mon Sep 17 00:00:00 2001 From: Meir Benayoun <mbenayoun@gitlab.com> Date: Tue, 30 Jul 2024 23:28:29 +0300 Subject: [PATCH 1/9] Revert "Revert changes in stable template" This reverts commit b70495596aaedd2738c95c81b8d8acb212c83009. --- .../processor_spec.rb | 6 +- .../ci/templates/sast_gitlab_ci_yaml_spec.rb | 72 +++++++++++++++++++ .../ci_action/template_spec.rb | 4 +- .../ci/templates/Jobs/SAST.gitlab-ci.yml | 66 ++++++++++++++++- .../sast_parser_service_spec.rb | 7 +- 5 files changed, 145 insertions(+), 10 deletions(-) diff --git a/ee/spec/lib/gitlab/ci/config/security_orchestration_policies/processor_spec.rb b/ee/spec/lib/gitlab/ci/config/security_orchestration_policies/processor_spec.rb index 3eeeb7ea15f66fdf..583616e7e2519ced 100644 --- a/ee/spec/lib/gitlab/ci/config/security_orchestration_policies/processor_spec.rb +++ b/ee/spec/lib/gitlab/ci/config/security_orchestration_policies/processor_spec.rb @@ -361,6 +361,8 @@ '**/*.jsx', '**/*.ts', '**/*.tsx', + '**/*.cjs', + '**/*.mjs', '**/*.c', '**/*.cc', '**/*.cpp', @@ -378,9 +380,7 @@ '**/*.swift', '**/*.m', '**/*.rb', - '**/*.kt', - '**/*.cjs', - '**/*.mjs' + '**/*.kt' ] } ] ) diff --git a/ee/spec/lib/gitlab/ci/templates/sast_gitlab_ci_yaml_spec.rb b/ee/spec/lib/gitlab/ci/templates/sast_gitlab_ci_yaml_spec.rb index a5d06febbdfa3203..e48451d26d097d11 100644 --- a/ee/spec/lib/gitlab/ci/templates/sast_gitlab_ci_yaml_spec.rb +++ b/ee/spec/lib/gitlab/ci/templates/sast_gitlab_ci_yaml_spec.rb @@ -48,6 +48,10 @@ end context 'by default' do + it "doesn't include gitlab-advanced-sast" do + expect(build_names).not_to include('gitlab-advanced-sast') + end + describe 'language detection' do using RSpec::Parameterized::TableSyntax 
@@ -89,5 +93,73 @@ end end end + + context 'when project has Ultimate license' do + let(:license) { build(:license, plan: License::ULTIMATE_PLAN) } + + before do + allow(License).to receive(:current).and_return(license) + end + + context 'when GITLAB_ADVANCED_SAST_ENABLED is not set' do + it "doesn't include gitlab-advanced-sast" do + expect(build_names).not_to include('gitlab-advanced-sast') + end + end + + context 'when GITLAB_ADVANCED_SAST_ENABLED="false"' do + before do + create(:ci_variable, project: project, key: 'GITLAB_ADVANCED_SAST_ENABLED', value: 'false') + end + + it "doesn't include gitlab-advanced-sast" do + expect(build_names).not_to include('gitlab-advanced-sast') + end + end + + describe 'language detection' do + using RSpec::Parameterized::TableSyntax + + where(:case_name, :files, :variables, :jobs) do + 'Golang with advanced SAST' | { 'main.go' => '' } | { 'GITLAB_ADVANCED_SAST_ENABLED' => 'true' } | %w[gitlab-advanced-sast] + 'Java with advanced SAST' | { 'app.java' => '' } | { 'GITLAB_ADVANCED_SAST_ENABLED' => 'true' } | %w[gitlab-advanced-sast] + 'Python with advanced SAST' | { 'app.js' => '' } | { 'GITLAB_ADVANCED_SAST_ENABLED' => 'true' } | %w[gitlab-advanced-sast] + 'Javascript with advanced SAST' | { 'app.cs' => '' } | { 'GITLAB_ADVANCED_SAST_ENABLED' => 'true' } | %w[gitlab-advanced-sast] + 'C# with advanced SAST' | { 'app.py' => '' } | { 'GITLAB_ADVANCED_SAST_ENABLED' => 'true' } | %w[gitlab-advanced-sast] + 'Ruby with advanced SAST' | { 'config/routes.rb' => '' } | { 'GITLAB_ADVANCED_SAST_ENABLED' => 'true' } | %w[semgrep-sast] + 'Python and Ruby with advanced SAST' | { 'app.py' => '', 'config/routes.rb' => '' } | { 'GITLAB_ADVANCED_SAST_ENABLED' => 'true' } | %w[gitlab-advanced-sast semgrep-sast] + 'Golang without advanced SAST' | { 'main.go' => '' } | {} | %w[semgrep-sast] + 'Golang with disabled advanced SAST' | { 'main.go' => '' } | { 'GITLAB_ADVANCED_SAST_ENABLED' => 'false' } | %w[semgrep-sast] + 'Java with disabled advanced SAST' 
| { 'app.java' => '' } | { 'GITLAB_ADVANCED_SAST_ENABLED' => 'false' } | %w[semgrep-sast] + 'Python with disabled advanced SAST' | { 'app.py' => '' } | { 'GITLAB_ADVANCED_SAST_ENABLED' => 'false' } | %w[semgrep-sast] + 'Ruby with disabled advanced SAST' | { 'config/routes.rb' => '' } | { 'GITLAB_ADVANCED_SAST_ENABLED' => 'false' } | %w[semgrep-sast] + 'Javascript with disabled advanced SAST' | { 'app.js' => '' } | { 'GITLAB_ADVANCED_SAST_ENABLED' => 'false' } | %w[semgrep-sast] + 'C# with disabled advanced SAST' | { 'app.cs' => '' } | { 'GITLAB_ADVANCED_SAST_ENABLED' => 'false' } | %w[semgrep-sast] + end + + with_them do + before do + variables.each do |(key, value)| + create(:ci_variable, project: project, key: key, value: value) + end + end + + it_behaves_like 'acts as branch pipeline', params[:jobs] + + it 'excludes already-covered extensions when both gitlab-advanced-sast and semgrep-sast run' do + gitlab_advanced_sast_extensions = %w[.py .go .java .js .jsx .ts .tsx .cjs .mjs .cs] + + if build_names.include?('gitlab-advanced-sast') && build_names.include?('semgrep-sast') + # expect the variable SAST_EXCLUDED_PATHS of semgrep-sast to contain the list of extensions supported by gitlab-advanced-sast + variables = pipeline.builds.find_by(name: 'semgrep-sast').variables + sast_excluded_paths = variables.find { |v| v.key == 'SAST_EXCLUDED_PATHS' }.value + gitlab_advanced_sast_extensions.each do |ext| + expect(sast_excluded_paths).to include("**/*#{ext}") + end + end + end + end + end + end end end diff --git a/ee/spec/services/security/security_orchestration_policies/ci_action/template_spec.rb b/ee/spec/services/security/security_orchestration_policies/ci_action/template_spec.rb index 440f7b619333a73c..c411301d510ecc7e 100644 --- a/ee/spec/services/security/security_orchestration_policies/ci_action/template_spec.rb +++ b/ee/spec/services/security/security_orchestration_policies/ci_action/template_spec.rb 
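Review bot: The example `excludes already-covered extensions when both gitlab-advanced-sast and semgrep-sast run` puts all of its expectations inside `if build_names.include?('gitlab-advanced-sast') && build_names.include?('semgrep-sast')`, and only the 'Python and Ruby with advanced SAST' row lists both jobs, so every other row passes without asserting anything. I would move it out of `with_them` into its own context that creates `app.py` and `config/routes.rb`, and open it with `expect(build_names).to include('gitlab-advanced-sast', 'semgrep-sast')`, so that a template change which stops either job fails the example instead of skipping it. Inside the example the local `variables` shadows the table parameter of the same name; `job_variables = pipeline.builds.find_by(name: 'semgrep-sast').variables` would avoid that. The loop also checks only the added globs, not that the `DEFAULT_SAST_EXCLUDED_PATHS` entries are still part of the resulting value.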
@@ -217,6 +217,7 @@ :"eslint-sast-0", :"flawfinder-sast-0", :"kubesec-sast-0", + :"gitlab-advanced-sast-0", :"gosec-sast-0", :"mobsf-android-sast-0", :"mobsf-ios-sast-0", @@ -234,7 +235,8 @@ 'SECURE_ANALYZERS_PREFIX' => '$CI_TEMPLATE_REGISTRY_HOST/security-products', 'SAST_IMAGE_SUFFIX' => '', 'SAST_EXCLUDED_ANALYZERS' => '', - 'SAST_EXCLUDED_PATHS' => 'spec, test, tests, tmp', + 'DEFAULT_SAST_EXCLUDED_PATHS' => 'spec, test, tests, tmp', + 'SAST_EXCLUDED_PATHS' => '$DEFAULT_SAST_EXCLUDED_PATHS', 'SCAN_KUBERNETES_MANIFESTS' => 'false' } diff --git a/lib/gitlab/ci/templates/Jobs/SAST.gitlab-ci.yml b/lib/gitlab/ci/templates/Jobs/SAST.gitlab-ci.yml index 2ec4e8f2013082dd..e6ff49b8e780ccf8 100644 --- a/lib/gitlab/ci/templates/Jobs/SAST.gitlab-ci.yml +++ b/lib/gitlab/ci/templates/Jobs/SAST.gitlab-ci.yml @@ -10,7 +10,8 @@ variables: SAST_IMAGE_SUFFIX: "" SAST_EXCLUDED_ANALYZERS: "" - SAST_EXCLUDED_PATHS: "spec, test, tests, tmp" + DEFAULT_SAST_EXCLUDED_PATHS: "spec, test, tests, tmp" + SAST_EXCLUDED_PATHS: "$DEFAULT_SAST_EXCLUDED_PATHS" SCAN_KUBERNETES_MANIFESTS: "false" sast: @@ -44,6 +45,36 @@ sast: rules: - when: never + +gitlab-advanced-sast: + extends: .sast-analyzer + image: + name: "$SAST_ANALYZER_IMAGE" + variables: + SEARCH_MAX_DEPTH: 20 + SAST_ANALYZER_IMAGE_TAG: '0' + SAST_ANALYZER_IMAGE: "$SECURE_ANALYZERS_PREFIX/gitlab-advanced-sast:$SAST_ANALYZER_IMAGE_TAG$SAST_IMAGE_SUFFIX" + rules: + - if: $SAST_DISABLED == 'true' || $SAST_DISABLED == '1' + when: never + - if: $SAST_EXCLUDED_ANALYZERS =~ /gitlab-advanced-sast/ + when: never + - if: $GITLAB_ADVANCED_SAST_ENABLED != 'true' && $GITLAB_ADVANCED_SAST_ENABLED != '1' + when: never + - if: $CI_COMMIT_BRANCH && + $GITLAB_FEATURES =~ /\bsast_advanced\b/ + exists: + - '**/*.py' + - '**/*.go' + - '**/*.java' + - '**/*.js' + - '**/*.jsx' + - '**/*.ts' + - '**/*.tsx' + - '**/*.cjs' + - '**/*.mjs' + - '**/*.cs' + bandit-sast: extends: .sast-analyzer script: 
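Review bot: In `Jobs/SAST.gitlab-ci.yml` (hunk `@@ -44,6 +45,36 @@`) the `exists:` list of the new `gitlab-advanced-sast` job has no comment tying it to its other hand-maintained copies. The same ten globs are repeated in the `SAST_EXCLUDED_PATHS` string of the `semgrep-sast` rule (hunk `@@ -142,6 +173,35 @@`) and in `gitlab_advanced_sast_extensions` in the spec. If a glob is later added to the exclusion string but not to this list, `semgrep-sast` would stop scanning those files while this job might not start, so neither analyzer would cover them. I would add `# Keep in sync with the SAST_EXCLUDED_PATHS override and the fallback rule in semgrep-sast` above `exists:`, and the matching comment on the semgrep side.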
@@ -142,6 +173,35 @@ semgrep-sast: when: never - if: $SAST_EXCLUDED_ANALYZERS =~ /semgrep/ when: never + # In case gitlab-advanced-sast also runs, exclude files already scanned by gitlab-advanced-sast + - if: $CI_COMMIT_BRANCH && + $GITLAB_FEATURES =~ /\bsast_advanced\b/ && + $SAST_EXCLUDED_ANALYZERS !~ /gitlab-advanced-sast/ && + ($GITLAB_ADVANCED_SAST_ENABLED == 'true' || $GITLAB_ADVANCED_SAST_ENABLED == '1') + variables: + SAST_EXCLUDED_PATHS: "$DEFAULT_SAST_EXCLUDED_PATHS, **/*.py, **/*.go, **/*.java, **/*.js, **/*.jsx, **/*.ts, **/*.tsx, **/*.cjs, **/*.mjs, **/*.cs" + exists: + - '**/*.c' + - '**/*.cc' + - '**/*.cpp' + - '**/*.c++' + - '**/*.cp' + - '**/*.cxx' + - '**/*.h' + - '**/*.hpp' + - '**/*.scala' + - '**/*.sc' + - '**/*.php' + - '**/*.swift' + - '**/*.m' + - '**/*.rb' + - '**/*.kt' + ## In case gitlab-advanced-sast already covers all the files that semgrep-sast would have scanned + - if: $CI_COMMIT_BRANCH && + $GITLAB_FEATURES =~ /\bsast_advanced\b/ && + $SAST_EXCLUDED_ANALYZERS !~ /gitlab-advanced-sast/ && + ($GITLAB_ADVANCED_SAST_ENABLED == 'true' || $GITLAB_ADVANCED_SAST_ENABLED == '1') + when: never - if: $CI_COMMIT_BRANCH exists: - '**/*.py' @@ -149,6 +209,8 @@ semgrep-sast: - '**/*.jsx' - '**/*.ts' - '**/*.tsx' + - '**/*.cjs' + - '**/*.mjs' - '**/*.c' - '**/*.cc' - '**/*.cpp' @@ -167,8 +229,6 @@ semgrep-sast: - '**/*.m' - '**/*.rb' - '**/*.kt' - - '**/*.cjs' - - '**/*.mjs' sobelow-sast: extends: .sast-analyzer diff --git a/spec/services/security/ci_configuration/sast_parser_service_spec.rb b/spec/services/security/ci_configuration/sast_parser_service_spec.rb index 051bbcd194b53561..517f92bac0b04e44 100644 --- a/spec/services/security/ci_configuration/sast_parser_service_spec.rb +++ b/spec/services/security/ci_configuration/sast_parser_service_spec.rb 
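Review bot: The first added `semgrep-sast` rule sets `SAST_EXCLUDED_PATHS` from `$DEFAULT_SAST_EXCLUDED_PATHS`, not from whatever value the project has configured for `SAST_EXCLUDED_PATHS`. As far as I know, `rules:variables` take precedence over same-named variables defined in YAML, so a project that customised `SAST_EXCLUDED_PATHS` in its `.gitlab-ci.yml` would have that value replaced for this job whenever the rule matches, while `gitlab-advanced-sast` keeps using it; this is worth confirming against the variable precedence rules. If that is intended, say so above the rule, for example `# Replaces SAST_EXCLUDED_PATHS for this job; customise DEFAULT_SAST_EXCLUDED_PATHS to change the base exclusions`, and add a spec row with a custom value. Separately, the `when: never` fallback that follows is safe only if the advanced list plus this rule's `exists:` list equals the full list in the final `$CI_COMMIT_BRANCH` rule, which the hunks `@@ -149,6 +209,8 @@` and `@@ -167,8 +229,6 @@` show only in part.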
@@ -17,8 +17,9 @@ let(:secure_analyzers_prefix) { '$CI_TEMPLATE_REGISTRY_HOST/security-products' } it 'parses the configuration for SAST' do + print(configuration) expect(secure_analyzers['default_value']).to eql(secure_analyzers_prefix) - expect(sast_excluded_paths['default_value']).to eql('spec, test, tests, tmp') + expect(sast_excluded_paths['default_value']).to eql('$DEFAULT_SAST_EXCLUDED_PATHS') expect(sast_pipeline_stage['default_value']).to eql('test') expect(sast_search_max_depth['default_value']).to eql('4') expect(brakeman['enabled']).to be(true) @@ -52,7 +53,7 @@ it 'populates the current values with the default values' do allow(project.repository).to receive(:blob_data_at).and_return(nil) expect(secure_analyzers['value']).to eql(secure_analyzers_prefix) - expect(sast_excluded_paths['value']).to eql('spec, test, tests, tmp') + expect(sast_excluded_paths['value']).to eql('$DEFAULT_SAST_EXCLUDED_PATHS') expect(sast_pipeline_stage['value']).to eql('test') expect(sast_search_max_depth['value']).to eql('4') expect(brakeman['enabled']).to be(true) @@ -69,7 +70,7 @@ it 'populates the current values with the default values' do expect(secure_analyzers['value']).to eql(secure_analyzers_prefix) - expect(sast_excluded_paths['value']).to eql('spec, test, tests, tmp') + expect(sast_excluded_paths['value']).to eql('$DEFAULT_SAST_EXCLUDED_PATHS') expect(sast_pipeline_stage['value']).to eql('test') expect(sast_search_max_depth['value']).to eql('4') expect(brakeman['enabled']).to be(true) -- GitLab From 3a253397c66bb5f2527b0c2f66bb9740238121ea Mon Sep 17 00:00:00 2001 From: Meir Benayoun <mbenayoun@gitlab.com> Date: Wed, 31 Jul 2024 11:29:08 +0300 Subject: [PATCH 2/9] Remove redundant test --- .../ci/templates/sast_gitlab_ci_yaml_spec.rb | 16 ---------------- 1 file changed, 16 deletions(-) diff --git a/ee/spec/lib/gitlab/ci/templates/sast_gitlab_ci_yaml_spec.rb b/ee/spec/lib/gitlab/ci/templates/sast_gitlab_ci_yaml_spec.rb index e48451d26d097d11..b4428df6e84481ee 100644 
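Review bot: The updated expectations in all three hunks of this file pin the literal `'$DEFAULT_SAST_EXCLUDED_PATHS'` as the `default_value` and `value` of `SAST_EXCLUDED_PATHS`, which suggests the parser now hands the unexpanded reference to its callers instead of `spec, test, tests, tmp`. If that output feeds a configuration screen or is written back into a project's `.gitlab-ci.yml`, users would see a variable name where they used to see the excluded paths; I cannot tell from the hunks whether it does. At minimum I would record the reason in the spec, for example `# SAST_EXCLUDED_PATHS now defaults to a reference; the literal paths live in DEFAULT_SAST_EXCLUDED_PATHS`. The enclosing examples continue outside the hunks.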
--- a/ee/spec/lib/gitlab/ci/templates/sast_gitlab_ci_yaml_spec.rb +++ b/ee/spec/lib/gitlab/ci/templates/sast_gitlab_ci_yaml_spec.rb @@ -101,22 +101,6 @@ allow(License).to receive(:current).and_return(license) end - context 'when GITLAB_ADVANCED_SAST_ENABLED is not set' do - it "doesn't include gitlab-advanced-sast" do - expect(build_names).not_to include('gitlab-advanced-sast') - end - end - - context 'when GITLAB_ADVANCED_SAST_ENABLED="false"' do - before do - create(:ci_variable, project: project, key: 'GITLAB_ADVANCED_SAST_ENABLED', value: 'false') - end - - it "doesn't include gitlab-advanced-sast" do - expect(build_names).not_to include('gitlab-advanced-sast') - end - end - describe 'language detection' do using RSpec::Parameterized::TableSyntax -- GitLab From de629be506821099e9033b6ef765ff3e52c80d73 Mon Sep 17 00:00:00 2001 From: Meir Benayoun <mbenayoun@gitlab.com> Date: Wed, 31 Jul 2024 11:33:32 +0300 Subject: [PATCH 3/9] Remove redundant test --- ee/spec/lib/gitlab/ci/templates/sast_gitlab_ci_yaml_spec.rb | 4 ---- 1 file changed, 4 deletions(-) diff --git a/ee/spec/lib/gitlab/ci/templates/sast_gitlab_ci_yaml_spec.rb b/ee/spec/lib/gitlab/ci/templates/sast_gitlab_ci_yaml_spec.rb index b4428df6e84481ee..f244be6d4ac40dc5 100644 --- a/ee/spec/lib/gitlab/ci/templates/sast_gitlab_ci_yaml_spec.rb +++ b/ee/spec/lib/gitlab/ci/templates/sast_gitlab_ci_yaml_spec.rb @@ -48,10 +48,6 @@ end context 'by default' do - it "doesn't include gitlab-advanced-sast" do - expect(build_names).not_to include('gitlab-advanced-sast') - end - describe 'language detection' do using RSpec::Parameterized::TableSyntax -- GitLab From 6ceb74edaedd66a2150c2b77786a69cd63c9015b Mon Sep 17 00:00:00 2001 From: Meir Benayoun <mbenayoun@gitlab.com> Date: Wed, 31 Jul 2024 19:03:52 +0300 Subject: [PATCH 4/9] Bump GitLab Advanced SAST analyzer to v1 --- lib/gitlab/ci/templates/Jobs/SAST.gitlab-ci.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/lib/gitlab/ci/templates/Jobs/SAST.gitlab-ci.yml b/lib/gitlab/ci/templates/Jobs/SAST.gitlab-ci.yml index e6ff49b8e780ccf8..718c9c74161f02b5 100644 --- a/lib/gitlab/ci/templates/Jobs/SAST.gitlab-ci.yml +++ b/lib/gitlab/ci/templates/Jobs/SAST.gitlab-ci.yml @@ -52,7 +52,7 @@ gitlab-advanced-sast: name: "$SAST_ANALYZER_IMAGE" variables: SEARCH_MAX_DEPTH: 20 - SAST_ANALYZER_IMAGE_TAG: '0' + SAST_ANALYZER_IMAGE_TAG: '1' SAST_ANALYZER_IMAGE: "$SECURE_ANALYZERS_PREFIX/gitlab-advanced-sast:$SAST_ANALYZER_IMAGE_TAG$SAST_IMAGE_SUFFIX" rules: - if: $SAST_DISABLED == 'true' || $SAST_DISABLED == '1' -- GitLab From dec3f5e2c5ac76568a5cf1b028f728f0523247f1 Mon Sep 17 00:00:00 2001 From: Meir Benayoun <mbenayoun@gitlab.com> Date: Thu, 1 Aug 2024 00:18:36 +0300 Subject: [PATCH 5/9] Fix tests titles --- ee/spec/lib/gitlab/ci/templates/sast_gitlab_ci_yaml_spec.rb | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/ee/spec/lib/gitlab/ci/templates/sast_gitlab_ci_yaml_spec.rb b/ee/spec/lib/gitlab/ci/templates/sast_gitlab_ci_yaml_spec.rb index f244be6d4ac40dc5..746da0673c6ba673 100644 --- a/ee/spec/lib/gitlab/ci/templates/sast_gitlab_ci_yaml_spec.rb +++ b/ee/spec/lib/gitlab/ci/templates/sast_gitlab_ci_yaml_spec.rb 
@@ -103,9 +103,9 @@ where(:case_name, :files, :variables, :jobs) do 'Golang with advanced SAST' | { 'main.go' => '' } | { 'GITLAB_ADVANCED_SAST_ENABLED' => 'true' } | %w[gitlab-advanced-sast] 'Java with advanced SAST' | { 'app.java' => '' } | { 'GITLAB_ADVANCED_SAST_ENABLED' => 'true' } | %w[gitlab-advanced-sast] - 'Python with advanced SAST' | { 'app.js' => '' } | { 'GITLAB_ADVANCED_SAST_ENABLED' => 'true' } | %w[gitlab-advanced-sast] - 'Javascript with advanced SAST' | { 'app.cs' => '' } | { 'GITLAB_ADVANCED_SAST_ENABLED' => 'true' } | %w[gitlab-advanced-sast] - 'C# with advanced SAST' | { 'app.py' => '' } | { 'GITLAB_ADVANCED_SAST_ENABLED' => 'true' } | %w[gitlab-advanced-sast] + 'Javascript with advanced SAST' | { 'app.js' => '' } | { 'GITLAB_ADVANCED_SAST_ENABLED' => 'true' } | %w[gitlab-advanced-sast] + 'C# with advanced SAST' | { 'app.cs' => '' } | { 'GITLAB_ADVANCED_SAST_ENABLED' => 'true' } | %w[gitlab-advanced-sast] + 'Python with advanced SAST' | { 'app.py' => '' } | { 'GITLAB_ADVANCED_SAST_ENABLED' => 'true' } | %w[gitlab-advanced-sast] 'Ruby with advanced SAST' | { 'config/routes.rb' => '' } | { 'GITLAB_ADVANCED_SAST_ENABLED' => 'true' } | %w[semgrep-sast] 'Python and Ruby with advanced SAST' | { 'app.py' => '', 'config/routes.rb' => '' } | { 'GITLAB_ADVANCED_SAST_ENABLED' => 'true' } | %w[gitlab-advanced-sast semgrep-sast] 'Golang without advanced SAST' | { 'main.go' => '' } | {} | %w[semgrep-sast] -- GitLab From b79fd9bd88c6e47b0e9b9fbe0f7993d2dc6ff0c5 Mon Sep 17 00:00:00 2001 From: Meir Benayoun <mbenayoun@gitlab.com> Date: Fri, 2 Aug 2024 18:34:40 +0300 Subject: [PATCH 6/9] Update the documentation --- doc/user/application_security/sast/gitlab_advanced_sast.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/doc/user/application_security/sast/gitlab_advanced_sast.md b/doc/user/application_security/sast/gitlab_advanced_sast.md index 22c36fc783efbd8e..2dd72a58562e44dd 100644 
--- a/doc/user/application_security/sast/gitlab_advanced_sast.md +++ b/doc/user/application_security/sast/gitlab_advanced_sast.md @@ -77,7 +77,7 @@ To enable the Advanced SAST analyzer: 1. Select **Build > Pipeline editor**. 1. If no `.gitlab-ci.yml` file exists, select **Configure pipeline**, then delete the example content. -1. Include the latest SAST template `Jobs/SAST.latest.gitlab-ci.yml` (if not already done). +1. Include a SAST template (if not already done), either `Jobs/SAST.gitlab-ci.yml` or `Jobs/SAST.latest.gitlab-ci.yml`. **Note:** The `latest` templates can receive breaking changes in any release. 1. Set the CI/CD variable `GITLAB_ADVANCED_SAST_ENABLED` to `true`. -- GitLab From f7caabb81a4c82e0af57592ebad6ed8ffd507930 Mon Sep 17 00:00:00 2001 From: Meir Benayoun <mbenayoun@gitlab.com> Date: Sun, 4 Aug 2024 22:46:11 +0300 Subject: [PATCH 7/9] Fix the example YAML template in the documentation --- .../sast/gitlab_advanced_sast.md | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/doc/user/application_security/sast/gitlab_advanced_sast.md b/doc/user/application_security/sast/gitlab_advanced_sast.md index 2dd72a58562e44dd..724655c1d4013bf5 100644 --- a/doc/user/application_security/sast/gitlab_advanced_sast.md +++ b/doc/user/application_security/sast/gitlab_advanced_sast.md @@ -83,13 +83,13 @@ To enable the Advanced SAST analyzer: Here is a minimal YAML file for enabling GitLab Advanced SAST: - ```yaml - include: - - template: Jobs/SAST.latest.gitlab-ci.yml +```yaml +include: + - template: Jobs/SAST.gitlab-ci.yml - variables: - GITLAB_ADVANCED_SAST_ENABLED: 'true' - ``` +variables: + GITLAB_ADVANCED_SAST_ENABLED: 'true' +``` 1. Select the **Validate** tab, then select **Validate pipeline**. -- GitLab From 27e8b5d346e5a6d1187a668bf45c4d63853b5a63 Mon Sep 17 00:00:00 2001 
From: Meir Benayoun <mbenayoun@gitlab.com> Date: Mon, 5 Aug 2024 06:34:08 +0000 Subject: [PATCH 8/9] Apply 1 suggestion(s) to 1 file(s) Co-authored-by: Russell Dickenson <rdickenson@gitlab.com> --- doc/user/application_security/sast/gitlab_advanced_sast.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/doc/user/application_security/sast/gitlab_advanced_sast.md b/doc/user/application_security/sast/gitlab_advanced_sast.md index 724655c1d4013bf5..a12d6710ad2d8f30 100644 --- a/doc/user/application_security/sast/gitlab_advanced_sast.md +++ b/doc/user/application_security/sast/gitlab_advanced_sast.md @@ -85,10 +85,10 @@ Here is a minimal YAML file for enabling GitLab Advanced SAST: ```yaml include: - - template: Jobs/SAST.gitlab-ci.yml + - template: Jobs/SAST.gitlab-ci.yml variables: - GITLAB_ADVANCED_SAST_ENABLED: 'true' + GITLAB_ADVANCED_SAST_ENABLED: 'true' ``` 1. Select the **Validate** tab, then select **Validate pipeline**. -- GitLab From 311aa2443ee3955c22ce977177989a528f52590b Mon Sep 17 00:00:00 2001 From: Meir Benayoun <mbenayoun@gitlab.com> Date: Mon, 5 Aug 2024 12:55:12 +0000 Subject: [PATCH 9/9] Apply 1 suggestion(s) to 1 file(s) --- .../security/ci_configuration/sast_parser_service_spec.rb | 1 - 1 file changed, 1 deletion(-) diff --git a/spec/services/security/ci_configuration/sast_parser_service_spec.rb b/spec/services/security/ci_configuration/sast_parser_service_spec.rb index 517f92bac0b04e44..93399d3aa4cfe227 100644 --- a/spec/services/security/ci_configuration/sast_parser_service_spec.rb +++ b/spec/services/security/ci_configuration/sast_parser_service_spec.rb 
@@ -17,7 +17,6 @@ let(:secure_analyzers_prefix) { '$CI_TEMPLATE_REGISTRY_HOST/security-products' } it 'parses the configuration for SAST' do - print(configuration) expect(secure_analyzers['default_value']).to eql(secure_analyzers_prefix) expect(sast_excluded_paths['default_value']).to eql('$DEFAULT_SAST_EXCLUDED_PATHS') expect(sast_pipeline_stage['default_value']).to eql('test') -- GitLab