Skip to content

GitLab Next

Why GitLab
Pricing
Contact Sales
Explore

Sign in
Get free trial

Document SEARCH_MAX_DEPTH option for SAST analyzers

Review changes
Download
Patches
Plain diff

Thiago Figueiró requested to merge sast-configuration-variables into master Jul 15, 2020

Overview 11
Commits 2
Pipelines 2
Changes 1

What does this MR do?

The SEARCH_MAX_DEPTH variable defaults to 4 as discussed and decided in #209747 (comment 354248167).

It's important to document this variable because the rules to trigger an analyzer use glob patterns (example), which are not depth limited. This causes sast jobs to fail if a source file is in a directory depth greater than 4 because the analyzer will be run but it won't find any source files to process (example).

Therefore, it's important that this variable is in the documentation where users can find it.

Related issues

See above + internal slack thread.

Author's checklist (required)

Follow the Documentation Guidelines and Style Guide.
If you have developer access or higher (for example, GitLab team members or Core Team members)
- Apply the documentation label, plus:
  - The corresponding DevOps stage and group label, if applicable.
  - development guidelines when changing docs under doc/development/*, CONTRIBUTING.md, or README.md.
  - development guidelines and Documentation guidelines when changing docs under development/documentation/*.
  - development guidelines and Description templates (.gitlab/*) when creating/updating issue and MR description templates.
- Assign the designated Technical Writer.

Do not add the feature, frontend, backend, ~"bug", or database labels if you are only updating documentation. These labels will cause the MR to be added to code verification QA issues.

When applicable:

Update the permissions table.
Link docs to and from the higher-level index page, plus other related docs where helpful.
Add GitLab's version history note(s).
Add the product tier badge.
Add/update the feature flag section.
If you're changing document headings, search doc/*, app/views/*, and ee/app/views/* for old headings replacing with the new ones to avoid broken anchors.

Review checklist

All reviewers can help ensure accuracy, clarity, completeness, and adherence to the Documentation Guidelines and Style Guide.

1. Primary Reviewer

Review by a code reviewer or other selected colleague to confirm accuracy, clarity, and completeness. This can be skipped for minor fixes without substantive content changes.

2. Technical Writer

Technical writer review. If not requested for this MR, must be scheduled post-merge. To request for this MR, assign the writer listed for the applicable DevOps stage.
- Ensure Technical Writing, documentation, and a docs:: scoped label are added.
- Add docs-only when the only files changed are under doc/*.
- Add twdoing when starting work on the MR.
- Add twfinished if Technical Writing team work on the MR is complete but it remains open.

3. Maintainer

Review by assigned maintainer, who can always request/require the above reviews. Maintainer's review can occur before or after a technical writer review.
Ensure a release milestone is set.
If there has not been a technical writer review, create an issue for one using the Doc Review template.

Edited Jul 15, 2020 by Russell Dickenson

Merge request reports

Assignee Loading

Reviewers Loading

Request review from

Loading

Time tracking Loading

Loading