SAST ignores SAST_DISABLED if SAST_DISABLE_DIND is set
Summary
SAST ignores the SAST_DISABLED
variable if SAST_DISABLE_DIND
is set.
Steps to reproduce
- Add the SAST template to a project
- Set
SAST_DISABLED
toSAST_DISABLE_DIND
to"true"
- Project will run SAST
Example Project
https://gitlab.com/gitlab-org/defend/waf-enablement-demo/pipelines/104668784
What is the current bug behavior?
SAST is running
What is the expected correct behavior?
SAST should not run, a SAST_DISABLED
project variable has been set in the CI/CD settings.