Draft: Specify more SAST analyzers for sort order
What does this MR do and why?
These SAST analyzers also have coverage from Semgrep. We need to give them a sort order for deduplication purposes.
Request access to see an example of this bug: https://gitlab.com/rossfuhrman/more-testing/-/security/vulnerability_report
Steps to reproduce current bug:
- Merge an MR that has Python and Go vulnerabilities and has the `bandit` and `gosec` analyzers run, but excludes the `semgrep` analyzer.
- Note that vulnerabilities show for both languages.
- Merge an MR that turns on `semgrep`, so that it runs alongside `bandit` and `gosec`.
- Note that the `bandit` vulnerabilities are not duplicated, but the `gosec` vulnerabilities are.
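To make the failure mode in the steps above concrete, here is a small added illustration (not GitLab's code) of deduplication driven by an analyzer sort order. The priority table, the rule that two findings are the same vulnerability when they share a file and line, the `Finding` struct and the sample findings are all assumptions constructed for this example; the point is only that an analyzer missing from the table cannot be ranked against `semgrep`, so its finding survives alongside the Semgrep one.

```ruby
# Illustrative deduplication of SAST findings by analyzer sort order.
# Assumed model, not GitLab's implementation: lower number wins when two
# analyzers report the same finding.

# Before the change: 'gosec' has no entry, reproducing the duplicate.
SORT_ORDER_BEFORE = { 'semgrep' => 1, 'bandit' => 2 }.freeze
# After the change: 'gosec' is given a sort order as well (value assumed).
SORT_ORDER_AFTER  = { 'semgrep' => 1, 'bandit' => 2, 'gosec' => 3 }.freeze

Finding = Struct.new(:analyzer, :file, :line, :identifiers, keyword_init: true) do
  # Assumed matching rule: findings at the same file and line are the same
  # vulnerability regardless of which analyzer reported them.
  def fingerprint
    [file, line]
  end
end

# Constructed sample: one Python and one Go vulnerability, each reported twice.
SAMPLE_FINDINGS = [
  Finding.new(analyzer: 'bandit',  file: 'app.py',  line: 12, identifiers: ['CWE-78']),
  Finding.new(analyzer: 'semgrep', file: 'app.py',  line: 12, identifiers: ['CWE-78']),
  Finding.new(analyzer: 'gosec',   file: 'main.go', line: 40, identifiers: ['CWE-89']),
  Finding.new(analyzer: 'semgrep', file: 'main.go', line: 40, identifiers: ['CWE-89']),
].freeze

def deduplicate(findings, sort_order)
  groups = Hash.new { |h, k| h[k] = [] }
  findings.each { |f| groups[f.fingerprint] << f }

  groups.values.flat_map do |group|
    ranked, unranked = group.partition { |f| sort_order.key?(f.analyzer) }
    # Among ranked analyzers keep only the best (lowest) sort order.
    kept = ranked.min_by { |f| sort_order[f.analyzer] }
    # Findings from analyzers with no sort order cannot be compared with the
    # winner, so they are left in place; this is the duplicate the MR fixes.
    ([kept] + unranked).compact
  end
end

# Summarise the surviving findings as [analyzer, file] pairs for comparison.
def report(sort_order)
  deduplicate(SAMPLE_FINDINGS, sort_order).map { |f| [f.analyzer, f.file] }.sort
end

if $PROGRAM_NAME == __FILE__
  puts "before: #{report(SORT_ORDER_BEFORE).inspect}"
  puts "after:  #{report(SORT_ORDER_AFTER).inspect}"
end
```

With the first table, the `app.py` finding collapses to the Semgrep entry while `main.go` keeps both the `gosec` and the `semgrep` entries; with `gosec` added to the table, both locations collapse to a single finding.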
MR acceptance checklist
This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.
- I have evaluated the MR acceptance checklist for this MR.
Edited by rossfuhrman