Fix sast documentation and example. Fix #4954

5fc42fb8 · Olivier Gonzalez · Achilleas Pipinellis · 08bfd326 · 5fc42fb8 · 5fc42fb8
Commit 5fc42fb8 authored Feb 15, 2018 by Olivier Gonzalez Committed by Achilleas Pipinellis Feb 20, 2018
Showing with 8 additions and 1 deletion

doc/ci/examples/sast.md doc/ci/examples/sast.md +3 -1

doc/topics/autodevops/index.md doc/topics/autodevops/index.md +2 -0

doc/user/project/merge_requests/sast.md doc/user/project/merge_requests/sast.md +3 -0

No files found.
--- a/doc/ci/examples/sast.md
+++ b/doc/ci/examples/sast.md
@@ -45,7 +45,9 @@ sast:
        # Extract "MAJOR.MINOR" from CI_SERVER_VERSION and generate "MAJOR-MINOR-stable"
        SAST_VERSION=$(echo "$CI_SERVER_VERSION" | sed 's/^\([0-9]*\)\.\([0-9]*\).*/\1-\2-stable/')
-        docker run --volume "$PWD:/code" \
+        docker run --env SAST_CONFIDENCE_LEVEL="${SAST_CONFIDENCE_LEVEL:-3}" \
+                   --env SAST_DISABLE_REMOTE_CHECKS="${SAST_DISABLE_REMOTE_CHECKS:-false}" \
+                   --volume "$PWD:/code" \
                   --volume /var/run/docker.sock:/var/run/docker.sock \
                   "registry.gitlab.com/gitlab-org/security-products/sast:$SAST_VERSION" /app/bin/run /code
        ;;

--- a/doc/topics/autodevops/index.md
+++ b/doc/topics/autodevops/index.md
@@ -441,6 +441,8 @@ also be customized, and you can easily use a [custom buildpack](#custom-buildpac
 | `POSTGRES_PASSWORD` | The PostgreSQL password; defaults to `testing-password`. Set it to use a custom password. |
 | `POSTGRES_DB`       | The PostgreSQL database name; defaults to the value of [`$CI_ENVIRONMENT_SLUG`](../../ci/variables/README.md#predefined-variables-environment-variables). Set it to use a custom database name. |
 | `BUILDPACK_URL`  | The buildpack's full URL. It can point to either Git repositories or a tarball URL. For Git repositories, it is possible to point to a specific `ref`, for example `https://github.com/heroku/heroku-buildpack-ruby.git#v142`|
+| `SAST_CONFIDENCE_LEVEL`  | The confidence level of security issues you want to be reported; `1` for Low, `2` for Medium, `3` for High; defaults to `3`.|
+| `SAST_DISABLE_REMOTE_CHECKS`  | Whether remote SAST checks are disabled; defaults to `"false"`. Set to `"true"` to disable SAST checks that send data to GitLab central servers. [Read more about remote checks](https://gitlab.com/gitlab-org/security-products/sast#remote-checks).|
 TIP: **Tip:**
 Set up the replica variables using a

--- a/doc/user/project/merge_requests/sast.md
+++ b/doc/user/project/merge_requests/sast.md
@@ -34,6 +34,9 @@ The following languages and frameworks are supported.
 | Java ([Maven](http://maven.apache.org/)) | [gemnasium](https://gitlab.com/gitlab-org/security-products/gemnasium) |
 | PHP ([Composer](https://getcomposer.org/)) | [gemnasium](https://gitlab.com/gitlab-org/security-products/gemnasium) |
+Some security scanners require to send a list of project dependencies to GitLab central servers to check for vulnerabilities. To learn more about this or to disable it please
+check [GitLab SAST documentation](https://gitlab.com/gitlab-org/security-products/sast#remote-checks).
 ## How it works
 First of all, you need to define a job named `sast` in your `.gitlab-ci.yml`