Gosec Custom Ruleset
What does this MR do?
Adds custom rulesets for gosec.

This MR enables gosec to use the new common/ruleset module to load rules for the relevant scanner from a local .gitlab/sast-rulesets.toml configuration file.

The logic in question involves basic passthrough capability as described in the linked issue. In the case of gosec, this achieves feature parity with the pre-existing SAST_GOSEC_CONFIG ENV used to specify a custom gosec configuration file.

The logic can be seen working on the downstream jobs. Note that the expectation added with this MR does not include one of the default findings (G104) because the gosec-config.json excludes that finding specifically.
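A minimal .gitlab/sast-rulesets.toml wired up for the passthrough described above, added here as an illustration rather than a file from this MR; the `[[gosec.passthrough]]` table and its `type`/`value` keys are assumed from the common/ruleset passthrough schema, and the gosec `global` keys in the inline variant are assumed from gosec's own -conf JSON format.

```toml
# .gitlab/sast-rulesets.toml (added illustration, not a file from this MR)
# Schema assumed from the common/ruleset passthrough format: one table per
# analyzer, holding an array of passthrough entries.

[gosec]
  # Hand gosec the same JSON config file that SAST_GOSEC_CONFIG used to
  # point at; the path is relative to the repository root.
  [[gosec.passthrough]]
    type  = "file"
    value = "gosec-config.json"

  # Equivalent inline form: embed the gosec config instead of referencing
  # a file (gosec "global" keys assumed from gosec's own -conf format).
  # [[gosec.passthrough]]
  #   type  = "raw"
  #   value = '''
  # {
  #   "global": { "nosec": "enabled", "audit": "enabled" }
  # }
  # '''
```

Because the passthrough lets repository content reshape what the scanner reports (the MR's own expectation drops G104 for exactly this reason), changes to this file and to the referenced config deserve the same review as code.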
What are the relevant issue numbers?
gitlab-org/gitlab#235382 (closed)
Does this MR meet the acceptance criteria?
- Changelog entry added
- Documentation created/updated for GitLab EE, if necessary
- Documentation created/updated for this project, if necessary
- Documentation reviewed by technical writer or follow-up review issue created
- Tests added for this feature/bug
- Job definition updated, if necessary
- Conforms to the code review guidelines
- Conforms to the Go guidelines
- Security reports checked/validated by reviewer
Edited by Lucas Charles