Add Security Scanner Configuration section and scanner CLI flags CI var (!94764) · Merge requests · GitLab.org / GitLab

Vishwa Bhat requested to merge vbhat161-master-patch-97483 into master Aug 08, 2022

What does this MR do and why?

This MR includes the following:

A section on Security Scanner Configuration - a provision for users to pass additional CLI options to the underlying security scanner in the SAST analyzer.
Add --max-memory flag under Semgrep in the allowed flags
CI Variable under Analyzer Setting: SAST_SCANNER_ALLOWED_CLI_OPTS - accepts a list of allowed flags forwarded to the security scanner as CLI options.

Relevant Issue numbers

Introduce a generic SAST CI var to forward flag... (#368565 - closed)
Accept --max-memory flag in SAST_SCANNER_ALLOWE... (#369388 - closed)

MR acceptance checklist

This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.

I have evaluated the MR acceptance checklist for this MR.

Edited Aug 17, 2022 by Vishwa Bhat

Add Security Scanner Configuration section and scanner CLI flags CI var

What does this MR do and why?

Relevant Issue numbers

MR acceptance checklist

Merge request reports