Always run build and verify on the default branch (!528) · Merge requests · GitLab.org / security-products / sast-rules

Craig Smith requested to merge craigmsmith-fix-broken-release into main Apr 15, 2024

What does this MR do?

The release is currently broken because build-and-verify, which release requires, only runs when one of

          - "{c,csharp,go,java,javascript,mappings,python,rules,scala}/**/*"
          - "CHANGELOG.md"

has been updated on the main branch. The issue is that the change is being merged to the main branch so build-and-verify won't run. I'm hoping this MR will mean build-and-verify runs whenever main runs, meaning release will work.

What are the relevant issue numbers?

Does this MR meet the acceptance criteria?

The test cases cover both positive and negative cases and are also annotated with appropriate semgrep annotations:
- For positive cases: // ruleid: ...
- For negative cases: // ok: ....
Following metadata fields exist for the rule(s) added/updated in this MR:
- owasp with both 2017 and 2021 mappings.
- category: "security"
- cwe
- shortDescription
- security-severity
The message field is valid and contains a secure code example.
Applicable license is mentioned in the rule if embedded/taken from external source.
Relevant labels including workflow labels are appropriately selected.

Edited Apr 15, 2024 by Craig Smith

Always run build and verify on the default branch

What does this MR do?

What are the relevant issue numbers?

Does this MR meet the acceptance criteria?

Merge request reports