Commit aa0b0dc2 authored by Seth Berger's avatar Seth Berger Committed by Achilleas Pipinellis

Update secure integration document

parent 6ea0c852
...@@ -70,7 +70,7 @@ mysec_dependency_scanning: ...@@ -70,7 +70,7 @@ mysec_dependency_scanning:
`gl-sast-report.json` is an example file path. See [the Output file section](#output-file) for more details. `gl-sast-report.json` is an example file path. See [the Output file section](#output-file) for more details.
It is processed as a SAST report because it is declared as such in the job definition. It is processed as a SAST report because it is declared as such in the job definition.
### Rules ### Policies
Scanning jobs should be skipped unless the corresponding feature is listed Scanning jobs should be skipped unless the corresponding feature is listed
in the `GITLAB_FEATURES` variable (comma-separated list of values). in the `GITLAB_FEATURES` variable (comma-separated list of values).
...@@ -103,11 +103,9 @@ mysec_dependency_scanning: ...@@ -103,11 +103,9 @@ mysec_dependency_scanning:
$CI_PROJECT_REPOSITORY_LANGUAGES =~ /\bjava\b/ $CI_PROJECT_REPOSITORY_LANGUAGES =~ /\bjava\b/
``` ```
The [`only/except`](../../ci/yaml/README.md#onlyexcept-basic) keywords Any additional job policy should only be configured by users based on their needs.
as well as the new [`rules`](../../ci/yaml/README.md#rules) keyword For instance, predefined policies should not trigger the scanning job
make possible to trigger the job depending on the branch, or when some particular file changes. for a particular branch or when a particular set of files changes.
Such rules should be defined by users based on their needs,
and should not be predefined in the job definition of the scanner.
## Docker image ## Docker image
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment