Adding SAST template should change to an "include"
Problem to solve
With the current workflow of Add File -> select .gitlab-ci.yml -> select template SAST, all of the contents of SAST.gitlab-ci.yml get copied into .gitlab-ci.yml. All of the SAST variables are overwritten with whatever our defaults are as of that time, and the user won't receive any updates we push to SAST.gitlab-ci.yml.
Solution
- Adding the SAST template in Files adds an include as specified in the docs.
- Consider adding a comment encouraging configuration in the SAST Config UI (not shown below)
Current | Proposed |
---|---|
This change also matches the experience of adding the Code Quality template.
Implementation plan
- Move Security/Secret-Detection.gitlab-ci.yml and Security/SAST.gitlab-ci.yml to Jobs
- Add Security/** placeholders that include the moved Job/** templates
cc @tmccaslin @rossfuhrman @theoretick @ssarka @twoodham @nmccorrison
Edited by rossfuhrman
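An added illustration of the two files this proposal implies (not part of the original issue and not GitLab's own template code). The SAST_EXCLUDED_PATHS value is a constructed sample, and the placeholder's contents are an assumption based on the implementation plan above.

```yaml
# File 1: the project's .gitlab-ci.yml after choosing the SAST template in
# Files (proposed behaviour). Only a reference is written, so changes pushed
# to SAST.gitlab-ci.yml are picked up without editing this file.
include:
  - template: Security/SAST.gitlab-ci.yml

# Project-specific settings sit beside the include instead of inside a copied
# template, so they are the only values pinned in the repository.
# The value below is a constructed sample.
variables:
  SAST_EXCLUDED_PATHS: "spec, test, tests, tmp, vendor"

---
# File 2: Security/SAST.gitlab-ci.yml as a placeholder (assumed shape,
# following the implementation plan). It only pulls in the moved job
# template, so existing includes of the Security/ path keep working.
include:
  - template: Jobs/SAST.gitlab-ci.yml
```

Reviewing a project's .gitlab-ci.yml for inlined SAST job definitions rather than an include is a quick way to spot pipelines still running a frozen copy of the template.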