Exclude eslint as a SAST analyzer
What does this MR do?
The eslint analyzer that's part of SAST is quite noisy and has a pretty high false positive rate. Also, its coverage is now duplicated by the semgrep analyzer that also provides coverage for JavaScript. This MR removes eslint from the GitLab build configuration.
Related issues
Check-list
Pre-merge
Consider the effect of the changes in this merge request on the following:
- Different pipeline types
- Non-canonical projects:
  - gitlab-foss
  - security
  - dev
  - personal forks
- Pipeline performance

If new jobs are added:
- Change-related rules (e.g. frontend/backend/database file changes): _____
- Frequency they are running (MRs, main branch, nightly, bi-hourly): _____
- Add a duration chart to https://app.periscopedata.com/app/gitlab/652085/Engineering-Productivity---Pipeline-Build-Durations if there are new jobs added to merge request pipelines
This will help keep track of expected cost increases to the GitLab project average pipeline cost per merge request RPI
Post-merge
- Consider communicating these changes to the broader team following the communication guideline for pipeline changes