Commit c08dc2b8 authored by ap4y's avatar ap4y

Rename MAJOR_VERSION to ANALYZER_IMAGE_TAG in SAST

SAST_MAJOR_VERSION was previously introduced as a part of DinD-less
implementation and it has similar semantics to SAST_ANALYZER_IMAGE_TAG
which is used by DinD SAST. SAST_ANALYZER_IMAGE_TAG will be used to be
consistent with DinD setups.
parent 9d973fa3
...@@ -196,8 +196,7 @@ The following are Docker image-related variables. ...@@ -196,8 +196,7 @@ The following are Docker image-related variables.
|------------------------------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| |------------------------------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| `SAST_ANALYZER_IMAGES` | Comma separated list of custom images. Default images are still enabled. Read more about [customizing analyzers](analyzers.md). Not available when [Docker in Docker is disabled](#disabling-docker-in-docker-for-sast). | | `SAST_ANALYZER_IMAGES` | Comma separated list of custom images. Default images are still enabled. Read more about [customizing analyzers](analyzers.md). Not available when [Docker in Docker is disabled](#disabling-docker-in-docker-for-sast). |
| `SAST_ANALYZER_IMAGE_PREFIX` | Override the name of the Docker registry providing the default images (proxy). Read more about [customizing analyzers](analyzers.md). | | `SAST_ANALYZER_IMAGE_PREFIX` | Override the name of the Docker registry providing the default images (proxy). Read more about [customizing analyzers](analyzers.md). |
| `SAST_ANALYZER_IMAGE_TAG` | Override the Docker tag of the default images. Read more about [customizing analyzers](analyzers.md). Not available when [Docker in Docker is disabled](#disabling-docker-in-docker-for-sast). | | `SAST_ANALYZER_IMAGE_TAG` | Override the Docker tag of the default images. Read more about [customizing analyzers](analyzers.md). |
| `SAST_MAJOR_VERSION` | Override the Docker tag of the default images. Only available when [Docker in Docker is disabled](#disabling-docker-in-docker-for-sast). |
| `SAST_DEFAULT_ANALYZERS` | Override the names of default images. Read more about [customizing analyzers](analyzers.md). | | `SAST_DEFAULT_ANALYZERS` | Override the names of default images. Read more about [customizing analyzers](analyzers.md). |
| `SAST_DISABLE_DIND` | Disable Docker in Docker and run analyzers [individually](#disabling-docker-in-docker-for-sast). | | `SAST_DISABLE_DIND` | Disable Docker in Docker and run analyzers [individually](#disabling-docker-in-docker-for-sast). |
| `SAST_PULL_ANALYZER_IMAGES` | Pull the images from the Docker registry (set to 0 to disable). Read more about [customizing analyzers](analyzers.md). Not available when [Docker in Docker is disabled](#disabling-docker-in-docker-for-sast). | | `SAST_PULL_ANALYZER_IMAGES` | Pull the images from the Docker registry (set to 0 to disable). Read more about [customizing analyzers](analyzers.md). Not available when [Docker in Docker is disabled](#disabling-docker-in-docker-for-sast). |
......
...@@ -7,7 +7,7 @@ ...@@ -7,7 +7,7 @@
variables: variables:
SAST_ANALYZER_IMAGE_PREFIX: "registry.gitlab.com/gitlab-org/security-products/analyzers" SAST_ANALYZER_IMAGE_PREFIX: "registry.gitlab.com/gitlab-org/security-products/analyzers"
SAST_DEFAULT_ANALYZERS: "bandit, brakeman, gosec, spotbugs, flawfinder, phpcs-security-audit, security-code-scan, nodejs-scan, eslint, tslint, secrets, sobelow, pmd-apex" SAST_DEFAULT_ANALYZERS: "bandit, brakeman, gosec, spotbugs, flawfinder, phpcs-security-audit, security-code-scan, nodejs-scan, eslint, tslint, secrets, sobelow, pmd-apex"
SAST_MAJOR_VERSION: 2 SAST_ANALYZER_IMAGE_TAG: 2
SAST_DISABLE_DIND: "false" SAST_DISABLE_DIND: "false"
sast: sast:
...@@ -61,7 +61,7 @@ sast: ...@@ -61,7 +61,7 @@ sast:
bandit-sast: bandit-sast:
extends: .analyzer extends: .analyzer
image: image:
name: "$SAST_ANALYZER_IMAGE_PREFIX/bandit:$SAST_MAJOR_VERSION" name: "$SAST_ANALYZER_IMAGE_PREFIX/bandit:$SAST_ANALYZER_IMAGE_TAG"
only: only:
variables: variables:
- $GITLAB_FEATURES =~ /\bsast\b/ && - $GITLAB_FEATURES =~ /\bsast\b/ &&
...@@ -71,7 +71,7 @@ bandit-sast: ...@@ -71,7 +71,7 @@ bandit-sast:
brakeman-sast: brakeman-sast:
extends: .analyzer extends: .analyzer
image: image:
name: "$SAST_ANALYZER_IMAGE_PREFIX/brakeman:$SAST_MAJOR_VERSION" name: "$SAST_ANALYZER_IMAGE_PREFIX/brakeman:$SAST_ANALYZER_IMAGE_TAG"
only: only:
variables: variables:
- $GITLAB_FEATURES =~ /\bsast\b/ && - $GITLAB_FEATURES =~ /\bsast\b/ &&
...@@ -81,7 +81,7 @@ brakeman-sast: ...@@ -81,7 +81,7 @@ brakeman-sast:
eslint-sast: eslint-sast:
extends: .analyzer extends: .analyzer
image: image:
name: "$SAST_ANALYZER_IMAGE_PREFIX/eslint:$SAST_MAJOR_VERSION" name: "$SAST_ANALYZER_IMAGE_PREFIX/eslint:$SAST_ANALYZER_IMAGE_TAG"
only: only:
variables: variables:
- $GITLAB_FEATURES =~ /\bsast\b/ && - $GITLAB_FEATURES =~ /\bsast\b/ &&
...@@ -91,7 +91,7 @@ eslint-sast: ...@@ -91,7 +91,7 @@ eslint-sast:
flawfinder-sast: flawfinder-sast:
extends: .analyzer extends: .analyzer
image: image:
name: "$SAST_ANALYZER_IMAGE_PREFIX/flawfinder:$SAST_MAJOR_VERSION" name: "$SAST_ANALYZER_IMAGE_PREFIX/flawfinder:$SAST_ANALYZER_IMAGE_TAG"
only: only:
variables: variables:
- $GITLAB_FEATURES =~ /\bsast\b/ && - $GITLAB_FEATURES =~ /\bsast\b/ &&
...@@ -101,7 +101,7 @@ flawfinder-sast: ...@@ -101,7 +101,7 @@ flawfinder-sast:
gosec-sast: gosec-sast:
extends: .analyzer extends: .analyzer
image: image:
name: "$SAST_ANALYZER_IMAGE_PREFIX/gosec:$SAST_MAJOR_VERSION" name: "$SAST_ANALYZER_IMAGE_PREFIX/gosec:$SAST_ANALYZER_IMAGE_TAG"
only: only:
variables: variables:
- $GITLAB_FEATURES =~ /\bsast\b/ && - $GITLAB_FEATURES =~ /\bsast\b/ &&
...@@ -111,7 +111,7 @@ gosec-sast: ...@@ -111,7 +111,7 @@ gosec-sast:
nodejs-scan-sast: nodejs-scan-sast:
extends: .analyzer extends: .analyzer
image: image:
name: "$SAST_ANALYZER_IMAGE_PREFIX/nodejs-scan:$SAST_MAJOR_VERSION" name: "$SAST_ANALYZER_IMAGE_PREFIX/nodejs-scan:$SAST_ANALYZER_IMAGE_TAG"
only: only:
variables: variables:
- $GITLAB_FEATURES =~ /\bsast\b/ && - $GITLAB_FEATURES =~ /\bsast\b/ &&
...@@ -121,7 +121,7 @@ nodejs-scan-sast: ...@@ -121,7 +121,7 @@ nodejs-scan-sast:
phpcs-security-audit-sast: phpcs-security-audit-sast:
extends: .analyzer extends: .analyzer
image: image:
name: "$SAST_ANALYZER_IMAGE_PREFIX/phpcs-security-audit:$SAST_MAJOR_VERSION" name: "$SAST_ANALYZER_IMAGE_PREFIX/phpcs-security-audit:$SAST_ANALYZER_IMAGE_TAG"
only: only:
variables: variables:
- $GITLAB_FEATURES =~ /\bsast\b/ && - $GITLAB_FEATURES =~ /\bsast\b/ &&
...@@ -131,7 +131,7 @@ phpcs-security-audit-sast: ...@@ -131,7 +131,7 @@ phpcs-security-audit-sast:
pmd-apex-sast: pmd-apex-sast:
extends: .analyzer extends: .analyzer
image: image:
name: "$SAST_ANALYZER_IMAGE_PREFIX/pmd-apex:$SAST_MAJOR_VERSION" name: "$SAST_ANALYZER_IMAGE_PREFIX/pmd-apex:$SAST_ANALYZER_IMAGE_TAG"
only: only:
variables: variables:
- $GITLAB_FEATURES =~ /\bsast\b/ && - $GITLAB_FEATURES =~ /\bsast\b/ &&
...@@ -141,7 +141,7 @@ pmd-apex-sast: ...@@ -141,7 +141,7 @@ pmd-apex-sast:
secrets-sast: secrets-sast:
extends: .analyzer extends: .analyzer
image: image:
name: "$SAST_ANALYZER_IMAGE_PREFIX/secrets:$SAST_MAJOR_VERSION" name: "$SAST_ANALYZER_IMAGE_PREFIX/secrets:$SAST_ANALYZER_IMAGE_TAG"
only: only:
variables: variables:
- $GITLAB_FEATURES =~ /\bsast\b/ && - $GITLAB_FEATURES =~ /\bsast\b/ &&
...@@ -150,7 +150,7 @@ secrets-sast: ...@@ -150,7 +150,7 @@ secrets-sast:
security-code-scan-sast: security-code-scan-sast:
extends: .analyzer extends: .analyzer
image: image:
name: "$SAST_ANALYZER_IMAGE_PREFIX/security-code-scan:$SAST_MAJOR_VERSION" name: "$SAST_ANALYZER_IMAGE_PREFIX/security-code-scan:$SAST_ANALYZER_IMAGE_TAG"
only: only:
variables: variables:
- $GITLAB_FEATURES =~ /\bsast\b/ && - $GITLAB_FEATURES =~ /\bsast\b/ &&
...@@ -160,7 +160,7 @@ security-code-scan-sast: ...@@ -160,7 +160,7 @@ security-code-scan-sast:
sobelow-sast: sobelow-sast:
extends: .analyzer extends: .analyzer
image: image:
name: "$SAST_ANALYZER_IMAGE_PREFIX/sobelow:$SAST_MAJOR_VERSION" name: "$SAST_ANALYZER_IMAGE_PREFIX/sobelow:$SAST_ANALYZER_IMAGE_TAG"
only: only:
variables: variables:
- $GITLAB_FEATURES =~ /\bsast\b/ && - $GITLAB_FEATURES =~ /\bsast\b/ &&
...@@ -170,7 +170,7 @@ sobelow-sast: ...@@ -170,7 +170,7 @@ sobelow-sast:
spotbugs-sast: spotbugs-sast:
extends: .analyzer extends: .analyzer
image: image:
name: "$SAST_ANALYZER_IMAGE_PREFIX/spotbugs:$SAST_MAJOR_VERSION" name: "$SAST_ANALYZER_IMAGE_PREFIX/spotbugs:$SAST_ANALYZER_IMAGE_TAG"
only: only:
variables: variables:
- $GITLAB_FEATURES =~ /\bsast\b/ && - $GITLAB_FEATURES =~ /\bsast\b/ &&
...@@ -180,7 +180,7 @@ spotbugs-sast: ...@@ -180,7 +180,7 @@ spotbugs-sast:
tslint-sast: tslint-sast:
extends: .analyzer extends: .analyzer
image: image:
name: "$SAST_ANALYZER_IMAGE_PREFIX/tslint:$SAST_MAJOR_VERSION" name: "$SAST_ANALYZER_IMAGE_PREFIX/tslint:$SAST_ANALYZER_IMAGE_TAG"
only: only:
variables: variables:
- $GITLAB_FEATURES =~ /\bsast\b/ && - $GITLAB_FEATURES =~ /\bsast\b/ &&
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment