Ignore gosec and brakeman analyzers
What does this MR do?
According to https://docs.gitlab.com/ee/update/deprecations#sast-analyzer-consolidation-and-cicd-template-changes and https://gitlab.com/gitlab-org/security-products/analyzers/gosec, the Gosec analyzer has been deprecated and should not be used.
The replacement seems to be the semgrep analyzer, which is already being used by Pages because we're including the SAST template from the main GitLab repository.
Pages does not use Ruby but needs a Gemfile because of dangerbot; as such, the rules for the brakeman analyzer are triggered and a job is added to the pipeline.
This MR adds gosec and brakeman to the list of excluded analyzers.
This is part of an effort to reduce CI minutes consumption in GitLab products in response to the recent change in CI/CD minutes usage for contributors.
TODO
- I added the Changelog trailer (e.g. Changelog: added) to the commits that need to be included in the changelog
- I added unit tests or they are not required
- I added acceptance tests or they are not required
- I added documentation (or it's not required)
- I followed code review guidelines
- I followed Go Style guidelines