Add support for SAST in security policies (!73938) · Merge requests · GitLab.org / GitLab

Alan (Maciej) Paruszewski requested to merge 340722-add-support-for-sast into master Nov 08, 2021

What does this MR do and why?

This change adds new scan type to Security Orchestration Policies: SAST. This MR also adds new way to execute scans in enforced pipeline: in child pipeline.

Screenshots or screen recordings

How to set up and validate locally

Create new project (you can import ie. https://github.com/digininja/DVWA)
Go to Security Policy -> Policies, click on New Policy, select Scan Execution as Policy type.

Paste policy:

type: scan_execution_policy
name: 'SAST test'
description: 'SAST test'
enabled: true
rules:
  - type: pipeline
    branches:
      - master
actions:
  - scan: sast

Create new MR with updated policy and hit merge.

In your project add .gitlab-ci.yml file and add simple config:

image: busybox:latest

test:
  stage: test
  script:
    - echo "Do a test here"

Go to your project -> CI/CD -> Pipelines and click Run Pipeline

MR acceptance checklist

This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.

I have evaluated the MR acceptance checklist for this MR.

Related to #340722 (closed)

Edited Nov 10, 2021 by Alan (Maciej) Paruszewski

Add support for SAST in security policies

What does this MR do and why?

Screenshots or screen recordings

How to set up and validate locally

MR acceptance checklist

Merge request reports