author: GitLab Bot <gitlab-bot@gitlab.com> 2020-01-14 21:07:45 +0000
committer: GitLab Bot <gitlab-bot@gitlab.com> 2020-01-14 21:07:45 +0000
commit: 0b12a5312c9701fbfed25fbb334d47900ced736b (patch)
tree: a29a27e297134f573fd8e5c298d241f3156c207a /doc/user/application_security
parent: 92f95ccac81911d1fcc32e999a7f1ce04624a56c (diff)
download: gitlab-ce-0b12a5312c9701fbfed25fbb334d47900ced736b.tar.gz
Add latest changes from gitlab-org/gitlab@master
Diffstat (limited to 'doc/user/application_security'):
-rw-r--r-- doc/user/application_security/sast/index.md | 51
1 file changed, 51 insertions, 0 deletions
diff --git a/doc/user/application_security/sast/index.md b/doc/user/application_security/sast/index.md
index 5693c6c50ec..2672b0f3461 100644
--- a/doc/user/application_security/sast/index.md
+++ b/doc/user/application_security/sast/index.md
@@ -199,9 +199,60 @@ include:
- template: SAST.gitlab-ci.yml
variables:
+ SAST_DISABLE_DIND: "true"
SCAN_KUBERNETES_MANIFESTS: "true"
```
+#### Pre-compilation
+
+If your project requires custom build configurations, it can be preferable to avoid
+compilation during your SAST execution and instead pass all job artifacts from an
+earlier stage within the pipeline.
+
+To pass your project's dependencies as artifacts, the dependencies must be included
+in the project's working directory and specified using the `artifacts:path` configuration.
+If all dependencies are present, the `-compile=false` flag can be provided to the
+analyzer and compilation will be skipped:
+
+```yaml
+image: maven:3.6-jdk-8-alpine
+
+stages:
+ - build
+ - test
+
+include:
+ template: SAST.gitlab-ci.yml
+
+variables:
+ SAST_DISABLE_DIND: "true"
+
+build:
+ stage: build
+ script:
+ - mvn package -Dmaven.repo.local=./.m2/repository
+ artifacts:
+ paths:
+ - .m2/
+ - target/
+
+spotbugs-sast:
+ dependencies: build
+ script:
+ - /analyzer run -compile=false
+ variables:
+ MAVEN_REPO_PATH: ./.m2/repository
+ artifacts:
+ reports:
+ sast: gl-sast-report.json
+```
+
+NOTE: **Note:**
+The path to the vendored directory must be specified explicitly to allow
+the analyzer to recognize the compiled artifacts. This configuration can vary per
+analyzer but in the case of Java above, `MAVEN_REPO_PATH` can be used.
+See [Analyzer settings](#analyzer-settings) for the complete list of available options.
+
### Available variables
SAST can be [configured](#customizing-the-sast-settings) using environment variables.
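Review bot: `dependencies: build` in the added `spotbugs-sast` job is not a valid value for this keyword; GitLab CI expects an array of job names, so it should read `dependencies: [build]` (or a `- build` list item). As written, pipeline validation will reject the job and the artifacts from the `build` stage will never reach the analyzer, which defeats the purpose of the `-compile=false` example. Two smaller points in the same hunk: the prose says dependencies are "specified using the `artifacts:path` configuration", but the keyword (used correctly in the YAML below it) is `artifacts:paths`; and the note calls the local Maven repository a "vendored directory", while the example actually passes the `.m2/` repository populated by `-Dmaven.repo.local`, so naming it consistently (local Maven repository pointed to by `MAVEN_REPO_PATH`) would make the note easier to follow. It is also worth one sentence in the note that, with compilation skipped, the analyzer scans whatever the earlier `build` job produced, so the `build` job should run on the same commit and in the same pipeline rather than reusing artifacts from elsewhere.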