Migrate from SAST_DEFAULT_ANALYZERS to SAST_EXCLUDED_ANALYZERS
What does this MR do?
Adds support for SAST_EXCLUDED_ANALYZERS to the SAST vendored template. We are also maintaining backwards compatible support for SAST_DEFAULT_ANALYZERS during a deprecation period. SAST_DEFAULT_ANALYZERS will be removed in %14.0 with Remove SAST_DEFAULT_ANALYZERS.
SAST_EXCLUDED_ANALYZERS allows customers to specify which SAST analyzers they do not want to run, as opposed to the old way where they would need to use SAST_DEFAULT_ANALYZERS to list all the analyzers they wanted to run.
Configuring SAST in the UI has also been updated to support SAST_EXCLUDED_ANALYZERS while also maintaining backwards compatible support for SAST_DEFAULT_ANALYZERS.
Screenshots (strongly suggested)
Local screenshot of using the updated SAST Configuration UI where the only change was checking/unchecking analyzers. This demonstrates the old SAST_DEFAULT_ANALYZERS variable is read and the SAST_EXCLUDED_ANALYZERS is written.
Does this MR meet the acceptance criteria?
Conformity
- Changelog entry
- Documentation (if required)
- Code review guidelines
- Merge request performance guidelines
- Style guides
- Database guides
- Separation of EE specific content
Availability and Testing
- Review and add/update tests for this feature/bug. Consider all test levels. See the Test Planning Process.
- Tested in all supported browsers
- Informed Infrastructure department of a default or new setting change, if applicable per definition of done
Security
If this MR contains changes to processing or storing of credentials or tokens, authorization and authentication methods and other items described in the security review guidelines:
-
Label as security and @ mention
@gitlab-com/gl-security/appsec - The MR includes necessary changes to maintain consistency between UI, API, email, or other methods
- Security reports checked/validated by a reviewer from the AppSec team
Related to #229974 (closed)