Replace custom scripting with product-supported custom ruleset

Dominic Couture requested to merge dcouture-sast-custom-ruleset into master

What does this MR do and why?

Related to https://gitlab.com/gitlab-com/www-gitlab-com/-/issues/13632

It removes custom scripting and replaces it with usage of the product-supported custom ruleset. We'll follow that up with Security Approvals to have something similar to the custom automation.

Screenshots or screen recordings

N/A

How to set up and validate locally

It's a pipeline modification. We can see in https://gitlab.com/gitlab-org/gitlab/-/jobs/2736500617 that the custom ruleset was used. There's a warning, but it's related to the contents of a file and not the ruleset itself.

MR acceptance checklist

This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.

Edited by Dominic Couture
