Disable analyzer replaced by semgrep
What does this MR do and why?
Disable the following analyzers from the sast template
- Brakeman
- Flawfinder
- MobSF iOS and android
- NodeJS Scan
- PHPCS
Disable the following analyzers from the sast latest template
- Brakeman
- MobSF iOS and android
Update the semgrep sast job so that it triggers when the following files are included in the project
- '**/*.swift'
- '**/*.m'
- '**/*.rb'
- '**/*.kt'
Copy the file extension from the latest template to the sast template to bring them inline:
- '**/*.cc'
- '**/*.cpp'
- '**/*.c++'
- '**/*.cp'
- '**/*.cxx'
This MR introduces the .deprecated-16.8 job, so the deprecation and removal configuration is easily shared. This refactor has not been applied to older jobs that have been removed for the sake of keeping this change small. A follow-up MR will be created to further refactor this template.
Related issue numbers
- Migrate Kotlin SAST coverage from SpotBugs to S... (#425086 - closed) • Jason Leasure • 17.0
- Migrate MobSF rules to Semgrep-based analyzer (#450925 - closed) • Hua Yan
- https://gitlab.com/gitlab-org/gitlab/-/issues/425087+s
- Bump SAST Analyzer major version for 17.0 and r... (#455489 - closed) • Craig Smith • 17.0
MR acceptance checklist
Please evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.
Screenshots or screen recordings
Screenshots are required for UI changes, and strongly recommended for all other merge requests.
| Before | After |
|---|---|
How to set up and validate locally
Numbered steps to set up and validate the change are strongly suggested.