Commit ccbc8a50 authored by Russell Dickenson's avatar Russell Dickenson

Document SAST multi-project support

parent 4a5817e3
...@@ -94,6 +94,31 @@ Note that the Java analyzers can also be used for variants like the ...@@ -94,6 +94,31 @@ Note that the Java analyzers can also be used for variants like the
[Grails](https://grails.org/), [Grails](https://grails.org/),
and the [Maven wrapper](https://github.com/takari/maven-wrapper). and the [Maven wrapper](https://github.com/takari/maven-wrapper).
### Multi-project support
> [Introduced](https://gitlab.com/groups/gitlab-org/-/epics/4895) in GitLab 13.7.
GitLab SAST can scan repositories that contain multiple projects. All projects must be in the same
language.
The following analyzers have multi-project support:
- Bandit
- ESLint
- Gosec
- Kubesec
- NodeJsScan
- MobSF
- PMD
- Security Code Scan
- SpotBugs
- Sobelow
#### Enable multi-project support for Security Code Scan
Multi-project support in the Security Code Scan requires a Solution (`.sln`) file in the root of
the repository. For details on the Solution format, see the Microsoft reference [Solution (.sln) file](https://docs.microsoft.com/en-us/visualstudio/extensibility/internals/solution-dot-sln-file?view=vs-2019).
### Making SAST analyzers available to all GitLab tiers ### Making SAST analyzers available to all GitLab tiers
All open source (OSS) analyzers have been moved to the GitLab Core tier as of GitLab 13.3. All open source (OSS) analyzers have been moved to the GitLab Core tier as of GitLab 13.3.
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment