Allow running SAST rules in all types of pipelines (!81972) · Merge requests · GitLab.org / GitLab

Dark Dragon requested to merge darkdragon-001/gitlab:sast-template-mr-pipelines into master Mar 02, 2022

What does this MR do and why?

This merge request removes the if: $CI_COMMIT_BRANCH condition from the SAST rules in order to allow running the jobs in all types of pipelines without overriding all(!) SAST jobs. The user then has the ability to use workflow rules to disable merge request pipelines when he/she wants to restore the old behavior. Using workflow rules is the way how rules are [supposed to be used anyway according to your documentation. Even without any changes to user's .gitlab-ci.yml, pipelines continue to work.

Screenshots or screen recordings

No UI changes.

How to set up and validate locally

# .gitlab-ci.yml
include:
  - template: Security/SAST.gitlab-ci.yml

MR acceptance checklist

This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.

I have evaluated the MR acceptance checklist for this MR.

References

Fixes #353239 (closed)

Edited Mar 02, 2022 by Dark Dragon

Allow running SAST rules in all types of pipelines

What does this MR do and why?

Screenshots or screen recordings

How to set up and validate locally

MR acceptance checklist

References

Merge request reports