Migrate from SAST_DEFAULT_ANALYZERS to SAST_EXCLUDED_ANALYZERS

rossfuhrman requested to merge 229974-migrate-to-SAST_EXCLUDED_ANALYZERS into master

What does this MR do?

Adds support for SAST_EXCLUDED_ANALYZERS to the SAST vendored template. We are also maintaining backwards compatible support for SAST_DEFAULT_ANALYZERS during a deprecation period. SAST_DEFAULT_ANALYZERS will be removed in %14.0 with Remove SAST_DEFAULT_ANALYZERS.

SAST_EXCLUDED_ANALYZERS allows customers to specify which SAST analyzers they do not want to run, as opposed to the old way where they would need to use SAST_DEFAULT_ANALYZERS to list all the analyzers they wanted to run.

Configuring SAST in the UI has also been updated to support SAST_EXCLUDED_ANALYZERS while also maintaining backwards compatible support for SAST_DEFAULT_ANALYZERS.

Screenshots (strongly suggested)

Local screenshot of using the updated SAST Configuration UI where the only change was checking/unchecking analyzers. This demonstrates the old SAST_DEFAULT_ANALYZERS variable is read and the SAST_EXCLUDED_ANALYZERS is written.

Does this MR meet the acceptance criteria?

Conformity

Availability and Testing

Security

If this MR contains changes to processing or storing of credentials or tokens, authorization and authentication methods and other items described in the security review guidelines:

  • Label as security and @ mention @gitlab-com/gl-security/appsec
  • The MR includes necessary changes to maintain consistency between UI, API, email, or other methods
  • Security reports checked/validated by a reviewer from the AppSec team

Related to #229974 (closed)

Edited by rossfuhrman
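
The allow-list to deny-list conversion described in the MR, as an added Ruby example that is not code from this merge request or from GitLab. The helper names, the `KNOWN_ANALYZERS` set and the comma-separated value format are assumptions made for illustration; take the real analyzer list from the SAST template version your pipeline includes.

```ruby
# Assumed, illustrative analyzer set (not taken from the MR); pass the set
# shipped by your SAST template version via the `known:` argument.
KNOWN_ANALYZERS = %w[
  bandit brakeman eslint flawfinder gosec kubesec mobsf nodejs-scan
  phpcs-security-audit pmd-apex security-code-scan sobelow spotbugs
].freeze

# Split a comma-separated CI variable value into trimmed, non-empty names.
def parse_analyzer_list(value)
  value.to_s.split(",").map(&:strip).reject(&:empty?)
end

# Hypothetical helper: turn an allow-list (SAST_DEFAULT_ANALYZERS) into the
# equivalent deny-list (SAST_EXCLUDED_ANALYZERS) for a given analyzer set.
# Returns [excluded_value, unknown_names]; unknown names are surfaced rather
# than silently dropped, so a typo in the old variable is noticed.
def default_to_excluded(default_value, known: KNOWN_ANALYZERS)
  wanted = parse_analyzer_list(default_value)
  unknown = wanted - known
  excluded = known - wanted
  [excluded.join(", "), unknown]
end

# Hypothetical helper: rewrite a CI variables hash, dropping the deprecated
# key. An existing SAST_EXCLUDED_ANALYZERS value is merged, never overwritten,
# so the migration can only keep or widen what was already excluded.
def migrate_variables(variables, known: KNOWN_ANALYZERS)
  migrated = variables.reject { |key, _| key == "SAST_DEFAULT_ANALYZERS" }
  return migrated unless variables.key?("SAST_DEFAULT_ANALYZERS")

  converted, unknown =
    default_to_excluded(variables["SAST_DEFAULT_ANALYZERS"], known: known)
  warn "unrecognised analyzers ignored: #{unknown.join(', ')}" unless unknown.empty?
  merged = parse_analyzer_list(converted) |
           parse_analyzer_list(variables["SAST_EXCLUDED_ANALYZERS"])
  migrated.merge("SAST_EXCLUDED_ANALYZERS" => merged.join(", "))
end
```

Review the generated deny-list before committing it: any analyzer missing from the `known:` set is not excluded by the result, so it will run once the allow-list is gone.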