
Gosec Custom Ruleset

Zach Rice requested to merge ruleset-passthrough into master

What does this MR do?

Adds custom rulesets for gosec

This MR enables gosec to use the new common/ruleset module to load rules for the relevant scanner from a local .gitlab/sast-rulesets.toml configuration file.

The logic in question involves basic passthrough capability as described in the linked issue. In the case of gosec, this is achieving feature parity with the pre-existing SAST_GOSEC_CONFIG ENV to specify a custom gosec configuration file.

The logic can be seen working on the downstream jobs. Note that the expectation added with this MR does not include one of the default findings (G104) due to the gosec-config.json excluding that finding specifically.
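As an added illustration (not a file from this MR or the gosec analyzer project), a `.gitlab/sast-rulesets.toml` using the passthrough described above to hand gosec a custom configuration file; the file name `gosec-config.json` and its location under `.gitlab/` are assumptions:

```toml
# .gitlab/sast-rulesets.toml (added example, not part of the MR)
# The analyzer reads its own section; rules for other scanners would sit in their own tables.
[gosec]
  # One passthrough entry per configuration source the analyzer should load.
  [[gosec.passthrough]]
    # "file" loads a file from the repository; the path is assumed to be relative to .gitlab/
    type  = "file"
    value = "gosec-config.json"
```

The referenced file is a plain gosec configuration file, the same one the SAST_GOSEC_CONFIG variable previously pointed at; the MR's expectation omits G104 because that file excludes it.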

What are the relevant issue numbers?

gitlab-org/gitlab#235382 (closed)

Does this MR meet the acceptance criteria?

Edited by Lucas Charles
