Make SAST_DISABLE_DIND true

Change the default value of SAST_DISABLE_DIND
to true, to disable the Docker-in-Docker orchestrator.

changelogs/unreleased/37278-SAST_DISABLE_DIND-true.yml

+---
+title: 'Disable Docker-in-Docker for SAST by default'
+merge_request: 31589
+author:
+type: changed

ee/spec/lib/gitlab/ci/templates/sast_gitlab_ci_yaml_spec.rb

@@ -33,7 +33,11 @@ describe 'SAST.gitlab-ci.yml' do
         allow(License).to receive(:current).and_return(license)
       end
 
-      context 'by default' do
+      context 'when SAST_DISABLE_DIND=false' do
+        before do
+          create(:ci_variable, project: project, key: 'SAST_DISABLE_DIND', value: 'false')
+        end
+
         it 'includes orchestrator job' do
           expect(build_names).to match_array(%w[sast])
         end
@@ -49,11 +53,7 @@ describe 'SAST.gitlab-ci.yml' do
         end
       end
 
-      context 'when SAST_DISABLE_DIND=true' do
-        before do
-          create(:ci_variable, project: project, key: 'SAST_DISABLE_DIND', value: 'true')
-        end
-
+      context 'by default' do
         describe 'language detection' do
           using RSpec::Parameterized::TableSyntax
 

lib/gitlab/ci/templates/Security/SAST.gitlab-ci.yml

@@ -14,7 +14,7 @@ variables:
 
   SAST_DEFAULT_ANALYZERS: "bandit, brakeman, gosec, spotbugs, flawfinder, phpcs-security-audit, security-code-scan, nodejs-scan, eslint, tslint, secrets, sobelow, pmd-apex, kubesec"
   SAST_ANALYZER_IMAGE_TAG: 2
-  SAST_DISABLE_DIND: "false"
+  SAST_DISABLE_DIND: "true"
   SCAN_KUBERNETES_MANIFESTS: "false"
 
 sast: