Commit f845d6af authored by Mark Florian's avatar Mark Florian Committed by Nicolò Maria Mezzopera

Enable sast_configuration_ui feature flag

This enables the [SAST Configuration UI][1] by default, and adds
documentation for it.

Addresses https://gitlab.com/gitlab-org/gitlab/-/issues/231357.

[1]: https://gitlab.com/groups/gitlab-org/-/epics/3659
parent d03735af
...@@ -24,6 +24,13 @@ NOTE: **Note:** ...@@ -24,6 +24,13 @@ NOTE: **Note:**
If the latest pipeline used [Auto DevOps](../../../topics/autodevops/index.md), If the latest pipeline used [Auto DevOps](../../../topics/autodevops/index.md),
all security features will be configured by default. all security features will be configured by default.
## SAST Configuration
> [Introduced](https://gitlab.com/groups/gitlab-org/-/epics/3659) in GitLab Ultimate 13.3.
For projects that do not already have a `.gitlab-ci.yml` file,
[configure SAST in the UI](../sast/index.md#configure-sast-in-the-ui).
## Limitations ## Limitations
It is not yet possible to enable or disable most features using the It is not yet possible to enable or disable most features using the
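Review bot: Heading capitalization in the new "## SAST Configuration" section (L15) does not match the "### SAST configuration" heading added to the other configuration page in this same commit; pick one form for both. The new section is also a single sentence that applies only to "projects that do not already have a `.gitlab-ci.yml` file", but it does not say what a user of a project that already has one should do; a short pointer to the Limitations section immediately below, or to the template include in the SAST docs, would close that gap.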
......
...@@ -45,6 +45,12 @@ To add Container Scanning, follow the steps listed in the [Container Scanning do ...@@ -45,6 +45,12 @@ To add Container Scanning, follow the steps listed in the [Container Scanning do
To further configure any of the other scanners, refer to each scanner's documentation. To further configure any of the other scanners, refer to each scanner's documentation.
### SAST configuration
You can set up and configure Static Application Security Testing
(SAST) for your project, without opening a text editor. For more details,
see [configure SAST in the UI](sast/index.md#configure-sast-in-the-ui).
### Override the default registry base address ### Override the default registry base address
By default, GitLab security scanners use `registry.gitlab.com/gitlab-org/security-products/analyzers` as the By default, GitLab security scanners use `registry.gitlab.com/gitlab-org/security-products/analyzers` as the
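Review bot: The new "### SAST configuration" subsection lacks the `> [Introduced](...) in GitLab Ultimate 13.3.` version line that the same commit adds to the two other places this feature is documented; add it here too so readers on this page also learn the tier and version. The link target `sast/index.md#configure-sast-in-the-ui` differs in relative depth from `../sast/index.md#configure-sast-in-the-ui` used in the previous hunk, which is fine only if the two source files live at different depths; please verify both anchors resolve in the docs link check.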
......
...@@ -24,6 +24,8 @@ You can take advantage of SAST by doing one of the following: ...@@ -24,6 +24,8 @@ You can take advantage of SAST by doing one of the following:
- [Including the SAST template](#configuration) in your existing `.gitlab-ci.yml` file. - [Including the SAST template](#configuration) in your existing `.gitlab-ci.yml` file.
- Implicitly using [Auto SAST](../../../topics/autodevops/stages.md#auto-sast-ultimate) provided by - Implicitly using [Auto SAST](../../../topics/autodevops/stages.md#auto-sast-ultimate) provided by
[Auto DevOps](../../../topics/autodevops/index.md). [Auto DevOps](../../../topics/autodevops/index.md).
- Using the [SAST Configuration tool](#configure-sast-in-the-ui) to create the necessary
`.gitlab-ci.yml` file for you.
GitLab checks the SAST report, compares the found vulnerabilities between the GitLab checks the SAST report, compares the found vulnerabilities between the
source and target branches. source and target branches.
...@@ -151,6 +153,19 @@ The results will be saved as a ...@@ -151,6 +153,19 @@ The results will be saved as a
that you can later download and analyze. Due to implementation limitations, we that you can later download and analyze. Due to implementation limitations, we
always take the latest SAST artifact available. always take the latest SAST artifact available.
### Configure SAST in the UI
> [Introduced](https://gitlab.com/groups/gitlab-org/-/epics/3659) in GitLab Ultimate 13.3.
For projects that do not already have a `.gitlab-ci.yml` file, the above
configuration can also be achieved by using the **SAST Configuration** tool.
1. Navigate to **Security & Compliance > Configuration**.
1. Click **Enable** on the Static Application Security Testing (SAST)
row.
A merge request is created, containing the necessary changes for you to review and merge.
### Customizing the SAST settings ### Customizing the SAST settings
The SAST settings can be changed through [environment variables](#available-variables) The SAST settings can be changed through [environment variables](#available-variables)
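Review bot: "the above configuration can also be achieved" (L44-L45) is an unclear reference this far down the page; name what is being achieved, for example "including the SAST template in a new `.gitlab-ci.yml` file". The procedure also ends at "A merge request is created, containing the necessary changes for you to review and merge" without saying what the tool does for a project that already has a `.gitlab-ci.yml` file (is the **Enable** control absent, disabled, or does it still open a merge request?); stating that explicitly would match the condition given in the first sentence of the section.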
......
...@@ -9,7 +9,7 @@ module Projects ...@@ -9,7 +9,7 @@ module Projects
before_action only: [:show] do before_action only: [:show] do
push_frontend_feature_flag(:security_auto_fix, project, default_enabled: false) push_frontend_feature_flag(:security_auto_fix, project, default_enabled: false)
push_frontend_feature_flag(:sast_configuration_ui, project, default_enabled: false) push_frontend_feature_flag(:sast_configuration_ui, project, default_enabled: true)
end end
before_action only: [:auto_fix] do before_action only: [:auto_fix] do
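Review bot: `default_enabled: true` for `:sast_configuration_ui` is now set here for the frontend push and again in `ensure_sast_configuration_enabled!` in the next hunk; the two defaults have to stay in sync or the UI can advertise a feature whose controller action returns 404 (or the reverse). Consider a single helper or constant that both call sites use, and update the feature flag's definition and any spec that exercises the flag-disabled path so that an explicit `Feature.disable(:sast_configuration_ui)` is still covered.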
......
...@@ -31,7 +31,7 @@ module Projects ...@@ -31,7 +31,7 @@ module Projects
private private
def ensure_sast_configuration_enabled! def ensure_sast_configuration_enabled!
not_found unless ::Feature.enabled?(:sast_configuration_ui, project) not_found unless ::Feature.enabled?(:sast_configuration_ui, project, default_enabled: true)
end end
end end
end end
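Review bot: With `default_enabled: true`, `ensure_sast_configuration_enabled!` now lets the action through for every project that has no explicit Feature record, so this method is purely a rollout gate and no longer limits exposure; confirm that the controller's authorization `before_action` (project access and the required permission) still runs ahead of this check, since the visible lines only show the feature-flag test. The same `default_enabled: true` default is duplicated in the controller hunk above; keep them in one place.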
......
---
title: Add SAST Configuration UI
merge_request: 39085
author:
type: added