Add Security Scanner Configuration section and scanner CLI flags CI var
What does this MR do and why?
This MR includes the following:
- A section on Security Scanner Configuration - a provision for users to pass additional CLI options to the underlying security scanner in the SAST analyzer.
- Add --max-memory flag under Semgrep in the allowed flags.
- CI variable under Analyzer Settings: SAST_SCANNER_ALLOWED_CLI_OPTS - accepts a list of allowed flags that are forwarded to the security scanner as CLI options.
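As an added illustration (not part of this MR or of the documentation it changes), the following .gitlab-ci.yml fragment shows how a project would use the variable described above to forward the --max-memory flag to Semgrep. The semgrep-sast job name is the one defined by GitLab's SAST template; the memory value 4000 and the --max-memory=4000 spelling are constructed for the example and should be checked against the documentation section this MR adds before use.

```yaml
# Added example configuration; not taken from the MR or the GitLab docs.
include:
  - template: Security/SAST.gitlab-ci.yml

# Override only the job that runs Semgrep; other SAST analyzer jobs are untouched.
semgrep-sast:
  variables:
    # Only flags on the analyzer's allowlist (here --max-memory) are forwarded
    # to the underlying scanner; anything else in this list is not passed through.
    # The 4000 (MiB) value is a constructed placeholder.
    SAST_SCANNER_ALLOWED_CLI_OPTS: "--max-memory=4000"
```

Because the variable is scoped to the semgrep-sast job, the flag is applied only where the scanner understands it, and the allowlist limits what reaches the scanner command line even if the variable is edited later.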
Relevant Issue numbers
- Introduce a generic SAST CI var to forward flag... (#368565 - closed)
- Accept --max-memory flag in SAST_SCANNER_ALLOWE... (#369388 - closed)
MR acceptance checklist
This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.
- I have evaluated the MR acceptance checklist for this MR.
Edited by Vishwa Bhat