Update brakeman rules [RUN AS-IF-FOSS] (!53414) · Merge requests · GitLab.org / GitLab

rossfuhrman requested to merge rf-update-brakeman-rules into master Feb 04, 2021

What does this MR do?

Updates our detection rules for running the SAST brakeman analyzer.

Now that brakeman supports scanning most any Ruby file, we don't need to limit to Ruby on Rails projects. We want to run the brakeman job if a repository has a Gemfile or any *.rb file.

Sample MR for project that has no Gemfile, just *.rb files - pipeline

Sample MR for a Rails project with a Gemfile - pipeline

Related Issue

#300678 (closed)

Screenshots (strongly suggested)

Does this MR meet the acceptance criteria?

Conformity

Changelog entry
[-] Documentation (if required)
Code review guidelines
Merge request performance guidelines
Style guides
[-] Database guides
[-] Separation of EE specific content

Availability and Testing

Review and add/update tests for this feature/bug. Consider all test levels. See the Test Planning Process.
[-] Tested in all supported browsers
[-] Informed Infrastructure department of a default or new setting change, if applicable per definition of done

Edited Feb 10, 2021 by Mayra Cabrera

Update brakeman rules [RUN AS-IF-FOSS]