Commit f9e6644f authored Mar 19, 2020 by Nick Gaskill, committed by Achilleas Pipinellis Mar 19, 2020
Edits to SAST intro
parent 492a658b
Showing 1 changed file with 16 additions and 12 deletions
doc/user/application_security/sast/index.md
...
@@ -17,10 +17,11 @@ to learn how to protect your organization.
If you are using
[
GitLab CI/CD
](
../../../ci/README.md
)
, you can analyze your source code for known
If you are using
[
GitLab CI/CD
](
../../../ci/README.md
)
, you can analyze your source code for known
vulnerabilities using Static Application Security Testing (SAST).
vulnerabilities using Static Application Security Testing (SAST).
You can take advantage of SAST by either
[
including the CI job
](
#configuration
)
in
You can take advantage of SAST by doing one of the following:
your existing
`.gitlab-ci.yml`
file or by implicitly using
[
Auto SAST
](
../../../topics/autodevops/index.md#auto-sast-ultimate
)
-
[
Including the CI job
](
#configuration
)
in your existing
`.gitlab-ci.yml`
file.
that is provided by
[
Auto DevOps
](
../../../topics/autodevops/index.md
)
.
-
Implicitly using
[
Auto SAST
](
../../../topics/autodevops/index.md#auto-sast-ultimate
)
provided by
[
Auto DevOps
](
../../../topics/autodevops/index.md
)
.
GitLab checks the SAST report, compares the found vulnerabilities between the
GitLab checks the SAST report, compares the found vulnerabilities between the
source and target branches, and shows the information right on the merge request.
source and target branches, and shows the information right on the merge request.
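Review bot: the new bullet for Auto SAST gives no hint that it is tier-restricted even though its link target is `#auto-sast-ultimate`; consider stating the tier next to the link text so readers on other tiers know the first option (including the CI job in `.gitlab-ci.yml`) is the one that applies to them. Also, "Implicitly using [Auto SAST] ... provided by [Auto DevOps]." reads awkwardly as a list item; "Using [Auto SAST] provided by [Auto DevOps]." says the same thing more directly.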
...
@@ -91,12 +92,14 @@ The Java analyzers can also be used for variants like the
## Configuration
## Configuration
For GitLab 11.9 and later, to enable SAST, you must
NOTE:
**Note:**
[
include
](
../../../ci/yaml/README.md#includetemplate
)
the
You don't have to configure SAST manually as shown in this section if you're using
[
Auto SAST
](
../../../topics/autodevops/index.md#auto-sast-ultimate
)
[
`SAST.gitlab-ci.yml` template
](
https://gitlab.com/gitlab-org/gitlab/blob/master/lib/gitlab/ci/templates/Security/SAST.gitlab-ci.yml
)
provided by
[
Auto DevOps
](
../../../topics/autodevops/index.md
)
.
that's provided as a part of your GitLab installation.
For GitLab versions earlier than 11.9, you can copy and use the job as defined
For GitLab 11.9 and later, to enable SAST you must
[
include
](
../../../ci/yaml/README.md#includetemplate
)
that template.
the
[
`SAST.gitlab-ci.yml` template
](
https://gitlab.com/gitlab-org/gitlab/blob/master/lib/gitlab/ci/templates/Security/SAST.gitlab-ci.yml
)
that is provided as a part of your GitLab installation. For GitLab versions earlier than 11.9, you
can copy and use the job as defined that template.
Add the following to your
`.gitlab-ci.yml`
file:
Add the following to your
`.gitlab-ci.yml`
file:
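Review bot: the rewrapped sentence at the end of this hunk still drops a preposition: "you can copy and use the job as defined that template." should read "as defined in that template." The error was already present in the removed line, but since this line is being rewritten anyway, fix it here rather than carrying it forward.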
...
@@ -448,8 +451,9 @@ the report JSON unless stated otherwise. Presence of optional fields depends on
## Secret detection
## Secret detection
GitLab is also able to detect secrets and credentials that have been unintentionally pushed to the repository.
GitLab is also able to detect secrets and credentials that have been unintentionally pushed to the
For example, an API key that allows write access to third-party deployment environments.
repository (for example, an API key that allows write access to third-party deployment
environments).
This check is performed by a specific analyzer during the
`sast`
job. It runs regardless of the programming
This check is performed by a specific analyzer during the
`sast`
job. It runs regardless of the programming
language of your app, and you don't need to change anything to your
language of your app, and you don't need to change anything to your
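Review bot: the unchanged context line "you don't need to change anything to your" has the wrong preposition ("change anything in your"); since the first two sentences of this paragraph are being rewrapped here, include that line in the change rather than leaving the paragraph half-edited. Also, "GitLab is also able to detect secrets" can be tightened to "GitLab can also detect secrets" in the rewritten first line.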
...