Commit 7e286334 authored by Lucas Charles

Update SAST docs for leveraging existing builds

parent d20a0afb
......@@ -199,9 +199,60 @@ include:
- template: SAST.gitlab-ci.yml
variables:
SAST_DISABLE_DIND: "true"
SCAN_KUBERNETES_MANIFESTS: "true"
```
#### Pre-compilation
If your project requires custom build configurations, it can be preferable to avoid
compilation during your SAST execution and instead pass all job artifacts from an
earlier stage within the pipeline.
To pass your project's dependencies as artifacts, the dependencies must be included
in the project's working directory and specified using the `artifacts:path` configuration.
If all dependencies are present, the `-compile=false` flag can be provided to the
analyzer and compilation will be skipped:
```yaml
image: maven:3.6-jdk-8-alpine
stages:
- build
- test
include:
template: SAST.gitlab-ci.yml
variables:
SAST_DISABLE_DIND: "true"
build:
stage: build
script:
- mvn package -Dmaven.repo.local=./.m2/repository
artifacts:
paths:
- .m2/
- target/
spotbugs-sast:
dependencies: build
script:
- /analyzer run -compile=false
variables:
MAVEN_REPO_PATH: ./.m2/repository
artifacts:
reports:
sast: gl-sast-report.json
```
NOTE: **Note:**
The path to the vendored directory must be specified explicitly to allow
the analyzer to recognize the compiled artifacts. This configuration can vary per
analyzer but in the case of Java above, `MAVEN_REPO_PATH` can be used.
See [Analyzer settings](#analyzer-settings) for the complete list of available options.
### Available variables
SAST can be [configured](#customizing-the-sast-settings) using environment variables.
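Review bot: the `include:` block in the pre-compilation YAML example drops the list dash that the first example in this hunk uses (`- template: SAST.gitlab-ci.yml`); as written, `template: SAST.gitlab-ci.yml` is a mapping under `include:` rather than a list item, so the two examples are inconsistent and readers copying the second one may get a different parse. In the same example, `dependencies: build` under `spotbugs-sast` should be a list (`dependencies:` followed by `- build`), since the keyword takes an array of job names. Suggest also stating in the surrounding prose that overriding `script:` on the `spotbugs-sast` job replaces the template's own command line, so `/analyzer run -compile=false` is the complete invocation the job will run.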