From 447c40d58d63b9d10162100973884cb97e79f85d Mon Sep 17 00:00:00 2001
From: Fabien Catteau
Date: Fri, 3 May 2019 09:03:44 +0000
Subject: Propagate excluded paths to SAST & DS jobs Propagate DS_EXCLUDED_PATHS to dependency_scanning job, and SAST_EXCLUDED_PATHS and SAST_BANDIT_EXCLUDED_PATHS to sast job. This makes possible to excluded certains paths from SAST reports and Dependency Scanning reports, respectively.
---
 lib/gitlab/ci/templates/Security/Dependency-Scanning.gitlab-ci.yml | 1 +
 lib/gitlab/ci/templates/Security/SAST.gitlab-ci.yml | 2 ++
 2 files changed, 3 insertions(+)
diff --git a/lib/gitlab/ci/templates/Security/Dependency-Scanning.gitlab-ci.yml b/lib/gitlab/ci/templates/Security/Dependency-Scanning.gitlab-ci.yml
index 263221329ab..8dd9775c583 100644
--- a/lib/gitlab/ci/templates/Security/Dependency-Scanning.gitlab-ci.yml
+++ b/lib/gitlab/ci/templates/Security/Dependency-Scanning.gitlab-ci.yml
@@ -35,6 +35,7 @@ dependency_scanning:
 DS_ANALYZER_IMAGE_PREFIX \
 DS_ANALYZER_IMAGE_TAG \
 DS_DEFAULT_ANALYZERS \
+ DS_EXCLUDED_PATHS \
 DEP_SCAN_DISABLE_REMOTE_CHECKS \
 DS_DOCKER_CLIENT_NEGOTIATION_TIMEOUT \
 DS_PULL_ANALYZER_IMAGE_TIMEOUT \
diff --git a/lib/gitlab/ci/templates/Security/SAST.gitlab-ci.yml b/lib/gitlab/ci/templates/Security/SAST.gitlab-ci.yml
index f0152cd4537..706692e063b 100644
--- a/lib/gitlab/ci/templates/Security/SAST.gitlab-ci.yml
+++ b/lib/gitlab/ci/templates/Security/SAST.gitlab-ci.yml
@@ -35,6 +35,8 @@ sast:
 SAST_ANALYZER_IMAGE_PREFIX \
 SAST_ANALYZER_IMAGE_TAG \
 SAST_DEFAULT_ANALYZERS \
+ SAST_EXCLUDED_PATHS \
+ SAST_BANDIT_EXCLUDED_PATHS \
 SAST_BRAKEMAN_LEVEL \
 SAST_GOSEC_LEVEL \
 SAST_FLAWFINDER_LEVEL \
-- 
cgit v1.2.1
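Review bot: Nothing visible in the job will show that an exclusion was in effect once `DS_EXCLUDED_PATHS` is forwarded in this list, so a report with fewer findings reads the same as a clean one. The same applies to `SAST_EXCLUDED_PATHS` and `SAST_BANDIT_EXCLUDED_PATHS` in the SAST.gitlab-ci.yml hunk. The script around the variable list lies outside both hunks, so this is inferred from the list alone. Because anyone who can set CI variables can now narrow what the scanners report, I would print the effective value before the analyzer starts, e.g. `echo "DS_EXCLUDED_PATHS=${DS_EXCLUDED_PATHS:-}"`. I would also add a comment above the list such as `# *_EXCLUDED_PATHS: findings under these paths are left out of the report`.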
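Review bot: The sast list now forwards two overlapping exclusion settings, `SAST_EXCLUDED_PATHS` and `SAST_BANDIT_EXCLUDED_PATHS`, and nothing in the template says how they combine. The commit message describes both only as excluding paths from SAST reports. From the hunk it is not clear whether the Bandit variable keeps files from being scanned or only filters results, nor which of the two applies when both are set. Please add a short comment next to the two entries stating each variable's scope and expected value format once confirmed, so users do not exclude more code from analysis than they meant to.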