Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Support
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
G
gitlab-ce
Project overview
Project overview
Details
Activity
Releases
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Issues
0
Issues
0
List
Boards
Labels
Milestones
Merge Requests
1
Merge Requests
1
Analytics
Analytics
Repository
Value Stream
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Create a new issue
Commits
Issue Boards
Open sidebar
nexedi
gitlab-ce
Commits
7e286334
Commit
7e286334
authored
Nov 05, 2019
by
Lucas Charles
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
Update SAST docs for leveraging existing builds
parent
d20a0afb
Changes
1
Show whitespace changes
Inline
Side-by-side
Showing
1 changed file
with
51 additions
and
0 deletions
+51
-0
doc/user/application_security/sast/index.md
doc/user/application_security/sast/index.md
+51
-0
No files found.
doc/user/application_security/sast/index.md
View file @
7e286334
...
...
@@ -199,9 +199,60 @@ include:
-
template
:
SAST.gitlab-ci.yml
variables
:
SAST_DISABLE_DIND
:
"
true"
SCAN_KUBERNETES_MANIFESTS
:
"
true"
```
#### Pre-compilation
If your project requires custom build configurations, it can be preferable to avoid
compilation during your SAST execution and instead pass all job artifacts from an
earlier stage within the pipeline.
To pass your project's dependencies as artifacts, the dependencies must be included
in the project's working directory and specified using the
`artifacts:path`
configuration.
If all dependencies are present, the
`-compile=false`
flag can be provided to the
analyzer and compilation will be skipped:
```
yaml
image
:
maven:3.6-jdk-8-alpine
stages
:
-
build
-
test
include
:
template
:
SAST.gitlab-ci.yml
variables
:
SAST_DISABLE_DIND
:
"
true"
build
:
stage
:
build
script
:
-
mvn package -Dmaven.repo.local=./.m2/repository
artifacts
:
paths
:
-
.m2/
-
target/
spotbugs-sast
:
dependencies
:
build
script
:
-
/analyzer run -compile=false
variables
:
MAVEN_REPO_PATH
:
./.m2/repository
artifacts
:
reports
:
sast
:
gl-sast-report.json
```
NOTE:
**Note:**
The path to the vendored directory must be specified explicitly to allow
the analyzer to recognize the compiled artifacts. This configuration can vary per
analyzer but in the case of Java above,
`MAVEN_REPO_PATH`
can be used.
See
[
Analyzer settings
](
#analyzer-settings
)
for the complete list of available options.
### Available variables
SAST can be
[
configured
](
#customizing-the-sast-settings
)
using environment variables.
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment