Commit ec6e897f authored by Achilleas Pipinellis

Refactor the new SAST docs

parent e3b41f3c
...@@ -45,9 +45,11 @@ The results are sorted by the priority of the vulnerability: ...@@ -45,9 +45,11 @@ The results are sorted by the priority of the vulnerability:
## Requirements ## Requirements
To run a SAST job, you need GitLab Runner with a To run a SAST job, you need GitLab Runner with the
[docker-in-docker executor](https://docs.gitlab.com/runner/executors/docker.html#use-docker-in-docker-with-privileged-mode). [`docker`](https://docs.gitlab.com/runner/executors/docker.html#use-docker-in-docker-with-privileged-mode) or
If you're using the shared Runners on GitLab.com, this is enabled by default. [`kubernetes`](https://docs.gitlab.com/runner/install/kubernetes.html#running-privileged-containers-for-the-runners)
executor running in privileged mode. If you're using the shared Runners on GitLab.com,
this is enabled by default.
## Supported languages and frameworks ## Supported languages and frameworks
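Review bot: the new Requirements sentence states "executor running in privileged mode" as a bare prerequisite; since privileged mode is a security-sensitive runner setting (both linked runner pages are about enabling it), add one sentence telling self-managed administrators to dedicate a runner to these jobs instead of switching privileged mode on for runners shared with untrusted projects, so the requirement does not read as a blanket recommendation.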
...@@ -110,7 +112,7 @@ your project's source code for possible vulnerabilities. ...@@ -110,7 +112,7 @@ your project's source code for possible vulnerabilities.
The report will be saved as a The report will be saved as a
[SAST report artifact](../../../ci/yaml/README.md#artifactsreportssast-ultimate) [SAST report artifact](../../../ci/yaml/README.md#artifactsreportssast-ultimate)
that you can later download and analyze. Due to implementation limitations we that you can later download and analyze. Due to implementation limitations, we
always take the latest SAST artifact available. Behind the scenes, the always take the latest SAST artifact available. Behind the scenes, the
[GitLab SAST Docker image](https://gitlab.com/gitlab-org/security-products/sast) [GitLab SAST Docker image](https://gitlab.com/gitlab-org/security-products/sast)
is used to detect the languages/frameworks and in turn runs the matching scan tools. is used to detect the languages/frameworks and in turn runs the matching scan tools.
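Review bot: the only change here is the comma after "Due to implementation limitations", which is correct; while touching this sentence, "we always take the latest SAST artifact available" leaves "latest" ambiguous (most recent pipeline, or most recent job within a pipeline), so consider saying which artifact is picked.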
...@@ -119,9 +121,8 @@ is used to detect the languages/frameworks and in turn runs the matching scan to ...@@ -119,9 +121,8 @@ is used to detect the languages/frameworks and in turn runs the matching scan to
The SAST settings can be changed through environment variables by using the The SAST settings can be changed through environment variables by using the
[`variables`](../../../ci/yaml/README.md#variables) parameter in `.gitlab-ci.yml`. [`variables`](../../../ci/yaml/README.md#variables) parameter in `.gitlab-ci.yml`.
These variables are documented in the
Because the template is [evaluated before](../../../ci/yaml/README.md#include) [SAST tool documentation](https://gitlab.com/gitlab-org/security-products/sast#settings).
the pipeline configuration, the last mention of the variable will take precedence.
In the following example, we include the SAST template and at the same time we In the following example, we include the SAST template and at the same time we
set the `SAST_GOSEC_LEVEL` variable to `2`: set the `SAST_GOSEC_LEVEL` variable to `2`:
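Review bot: the added sentence "These variables are documented in the SAST tool documentation" points at `https://gitlab.com/gitlab-org/security-products/sast#settings`, the same URL as the bold "Find all the supported variables" line removed in the next hunk, which is a good deduplication; since this link is now the only pointer to the variable list, check that the `#settings` anchor still exists on that README before merging.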
...@@ -134,7 +135,8 @@ variables: ...@@ -134,7 +135,8 @@ variables:
SAST_GOSEC_LEVEL: 2 SAST_GOSEC_LEVEL: 2
``` ```
[**> Find all the supported variables that you can use, in the SAST analyzer's project page.**](https://gitlab.com/gitlab-org/security-products/sast#settings) Because the template is [evaluated before](../../../ci/yaml/README.md#include)
the pipeline configuration, the last mention of the variable will take precedence.
#### Overriding the SAST template #### Overriding the SAST template
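Review bot: the relocated sentence "the last mention of the variable will take precedence" is still vague about which mention wins; since the template is evaluated before the pipeline configuration, say directly that a value set under `variables` in `.gitlab-ci.yml` overrides the template's default, as `SAST_GOSEC_LEVEL: 2` in the example above does, so readers do not have to infer the ordering from the `include` link.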