fix: Reintroduce top-level SAST_ANALYZER_IMAGE_TAG for SCS

Lucas Charles requested to merge set-default-value-for-scs into master

What does this MR do and why?

fix: Reintroduce top-level SAST_ANALYZER_IMAGE_TAG for SCS

The previous MR that added a deprecation shim for Security Code Scan v2 to v3 moved the default variable definition into the rules:variables block. This is not always present when customers have overridden the entire rules block, leading to failures to pull images.

Relates to #350935 (closed)

How to set up and validate locally

Using the CI configuration off this branch, update the configuration to the following:

include:
  # Note if using `template: SAST.gitlab-ci.yml` here, this will fail
  - remote: https://gitlab.com/gitlab-org/gitlab/-/raw/set-default-value-for-scs/lib/gitlab/ci/templates/Jobs/SAST.gitlab-ci.yml

security-code-scan-sast:
  rules:
    - if: "$CI_COMMIT_BRANCH"

Example: https://gitlab.com/theoretick/csharp-dotnetcore-multiproject-bump-sast-scs-major-version-to-3/-/jobs/2075644702

MR acceptance checklist

This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.

Edited by Lucas Charles
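
The failure mode described above, as an added example that is not part of the merge request or of GitLab's code: a small Python model of how a project's override replaces the job's whole `rules` array, dropping any `rules:variables` with it. The two templates, the image string and the tag values are constructed placeholders, "top-level" is assumed to mean the job's own `variables` block, and only bare `$NAME` rule conditions are modelled.

```python
import copy
import re

JOB = "security-code-scan-sast"
# Constructed image reference; the real template's value is not shown on this page.
IMAGE = "registry.example/security-code-scan:$SAST_ANALYZER_IMAGE_TAG"

# Constructed, simplified templates. Tag values are placeholders.
SHIM_ONLY = {JOB: {"image": IMAGE, "rules": [
    {"if": "$CI_COMMIT_BRANCH",
     "variables": {"SAST_ANALYZER_IMAGE_TAG": "RULE_TAG"}}]}}
WITH_DEFAULT = copy.deepcopy(SHIM_ONLY)
WITH_DEFAULT[JOB]["variables"] = {"SAST_ANALYZER_IMAGE_TAG": "DEFAULT_TAG"}

# The override from the validation steps: the entire rules block is replaced.
OVERRIDE = {JOB: {"rules": [{"if": "$CI_COMMIT_BRANCH"}]}}


def merge_included(template, override):
    """Hashes are deep-merged; arrays such as `rules` are replaced wholesale."""
    merged = copy.deepcopy(template)
    for key, value in override.items():
        if isinstance(value, dict) and isinstance(merged.get(key), dict):
            merged[key] = merge_included(merged[key], value)
        else:
            merged[key] = copy.deepcopy(value)
    return merged


def job_variables(job, ci_vars):
    """Job-level variables, then rules:variables of the first matching rule."""
    resolved = dict(job.get("variables", {}))
    for rule in job.get("rules", []):
        if ci_vars.get(rule["if"].lstrip("$")):  # bare `$NAME` conditions only
            resolved.update(rule.get("variables", {}))
            break
    return resolved


def unresolved_in_image(template, override, ci_vars):
    """Names referenced by the job image that nothing defines after merging."""
    job = merge_included(template, override)[JOB]
    known = {**ci_vars, **job_variables(job, ci_vars)}
    return [n for n in re.findall(r"\$(\w+)", job["image"]) if n not in known]


if __name__ == "__main__":
    ci = {"CI_COMMIT_BRANCH": "main"}  # constructed pipeline context
    for name, tpl in (("shim only", SHIM_ONLY), ("with default", WITH_DEFAULT)):
        print(name, "->", unresolved_in_image(tpl, OVERRIDE, ci) or "image resolvable")
```

A check like `unresolved_in_image` can run against a project's merged configuration in review to catch overrides that leave an analyzer image reference without a tag.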