debian-mirror-gitlab/lib/gitlab/ci/templates/Security/SAST.gitlab-ci.yml

# Read more about this feature here: https://docs.gitlab.com/ee/user/application_security/sast/
#
# Configure the scanning tool through the environment variables.
# List of the variables: https://gitlab.com/gitlab-org/security-products/sast#settings
# How to set: https://docs.gitlab.com/ee/ci/yaml/#variables

variables:
  # Setting this variable will affect all Security templates
  # (SAST, Dependency Scanning, ...)
  SECURE_ANALYZERS_PREFIX: "registry.gitlab.com/gitlab-org/security-products/analyzers"

  SAST_DEFAULT_ANALYZERS: "bandit, brakeman, gosec, spotbugs, flawfinder, phpcs-security-audit, security-code-scan, nodejs-scan, eslint, secrets, sobelow, pmd-apex, kubesec"
  SAST_EXCLUDED_PATHS: "spec, test, tests, tmp"
  SAST_ANALYZER_IMAGE_TAG: 2
  SAST_DISABLE_DIND: "true"
  SCAN_KUBERNETES_MANIFESTS: "false"

sast:
  stage: test
  allow_failure: true
  artifacts:
    reports:
      sast: gl-sast-report.json
  rules:
    - if: $SAST_DISABLED || $SAST_DISABLE_DIND == 'true'
      when: never
    - if: $CI_COMMIT_BRANCH && $GITLAB_FEATURES =~ /\bsast\b/
  image: docker:stable
  variables:
    SEARCH_MAX_DEPTH: 4
    DOCKER_DRIVER: overlay2
    DOCKER_TLS_CERTDIR: ""
  services:
    - docker:stable-dind
  script:
    - |
      if ! docker info &>/dev/null; then
        if [ -z "$DOCKER_HOST" -a "$KUBERNETES_PORT" ]; then
          export DOCKER_HOST='tcp://localhost:2375'
        fi
      fi
    - |
      docker run \
        $(awk 'BEGIN{for(v in ENVIRON) print v}' | grep -v -E '^(DOCKER_|CI|GITLAB_|FF_|HOME|PWD|OLDPWD|PATH|SHLVL|HOSTNAME)' | awk '{printf " -e %s", $0}') \
        --volume "$PWD:/code" \
        --volume /var/run/docker.sock:/var/run/docker.sock \
        "registry.gitlab.com/gitlab-org/security-products/sast:$SAST_ANALYZER_IMAGE_TAG" /app/bin/run /code

.sast-analyzer:
  extends: sast
  services: []
  rules:
    - if: $SAST_DISABLED || $SAST_DISABLE_DIND == 'false'
      when: never
    - if: $CI_COMMIT_BRANCH &&
          $GITLAB_FEATURES =~ /\bsast\b/
  script:
    - /analyzer run

bandit-sast:
  extends: .sast-analyzer
  image:
    name: "$SECURE_ANALYZERS_PREFIX/bandit:$SAST_ANALYZER_IMAGE_TAG"
  rules:
    - if: $SAST_DISABLED || $SAST_DISABLE_DIND == 'false'
      when: never
    - if: $CI_COMMIT_BRANCH &&
          $GITLAB_FEATURES =~ /\bsast\b/ &&
          $SAST_DEFAULT_ANALYZERS =~ /bandit/
      exists:
        - '**/*.py'

brakeman-sast:
  extends: .sast-analyzer
  image:
    name: "$SECURE_ANALYZERS_PREFIX/brakeman:$SAST_ANALYZER_IMAGE_TAG"
  rules:
    - if: $SAST_DISABLED || $SAST_DISABLE_DIND == 'false'
      when: never
    - if: $CI_COMMIT_BRANCH &&
          $SAST_DEFAULT_ANALYZERS =~ /brakeman/
      exists:
        - 'config/routes.rb'

eslint-sast:
  extends: .sast-analyzer
  image:
    name: "$SECURE_ANALYZERS_PREFIX/eslint:$SAST_ANALYZER_IMAGE_TAG"
  rules:
    - if: $SAST_DISABLED || $SAST_DISABLE_DIND == 'false'
      when: never
    - if: $CI_COMMIT_BRANCH &&
          $SAST_DEFAULT_ANALYZERS =~ /eslint/
      exists:
        - '**/*.html'
        - '**/*.js'
        - '**/*.jsx'
        - '**/*.ts'
        - '**/*.tsx'

flawfinder-sast:
  extends: .sast-analyzer
  image:
    name: "$SECURE_ANALYZERS_PREFIX/flawfinder:$SAST_ANALYZER_IMAGE_TAG"
  rules:
    - if: $SAST_DISABLED || $SAST_DISABLE_DIND == 'false'
      when: never
    - if: $CI_COMMIT_BRANCH &&
          $GITLAB_FEATURES =~ /\bsast\b/ &&
          $SAST_DEFAULT_ANALYZERS =~ /flawfinder/
      exists:
        - '**/*.c'
        - '**/*.cpp'

kubesec-sast:
  extends: .sast-analyzer
  image:
    name: "$SECURE_ANALYZERS_PREFIX/kubesec:$SAST_ANALYZER_IMAGE_TAG"
  rules:
    - if: $SAST_DISABLED || $SAST_DISABLE_DIND == 'false'
      when: never
    - if: $CI_COMMIT_BRANCH &&
          $GITLAB_FEATURES =~ /\bsast\b/ &&
          $SAST_DEFAULT_ANALYZERS =~ /kubesec/ &&
          $SCAN_KUBERNETES_MANIFESTS == 'true'

gosec-sast:
  extends: .sast-analyzer
  image:
    name: "$SECURE_ANALYZERS_PREFIX/gosec:$SAST_ANALYZER_IMAGE_TAG"
  rules:
    - if: $SAST_DISABLED || $SAST_DISABLE_DIND == 'false'
      when: never
    - if: $CI_COMMIT_BRANCH &&
          $GITLAB_FEATURES =~ /\bsast\b/ &&
          $SAST_DEFAULT_ANALYZERS =~ /gosec/
      exists:
        - '**/*.go'

nodejs-scan-sast:
  extends: .sast-analyzer
  image:
    name: "$SECURE_ANALYZERS_PREFIX/nodejs-scan:$SAST_ANALYZER_IMAGE_TAG"
  rules:
    - if: $SAST_DISABLED || $SAST_DISABLE_DIND == 'false'
      when: never
    - if: $CI_COMMIT_BRANCH &&
          $GITLAB_FEATURES =~ /\bsast\b/ &&
          $SAST_DEFAULT_ANALYZERS =~ /nodejs-scan/
      exists:
        - 'package.json'

phpcs-security-audit-sast:
  extends: .sast-analyzer
  image:
    name: "$SECURE_ANALYZERS_PREFIX/phpcs-security-audit:$SAST_ANALYZER_IMAGE_TAG"
  rules:
    - if: $SAST_DISABLED || $SAST_DISABLE_DIND == 'false'
      when: never
    - if: $CI_COMMIT_BRANCH &&
          $GITLAB_FEATURES =~ /\bsast\b/ &&
          $SAST_DEFAULT_ANALYZERS =~ /phpcs-security-audit/
      exists:
        - '**/*.php'

pmd-apex-sast:
  extends: .sast-analyzer
  image:
    name: "$SECURE_ANALYZERS_PREFIX/pmd-apex:$SAST_ANALYZER_IMAGE_TAG"
  rules:
    - if: $SAST_DISABLED || $SAST_DISABLE_DIND == 'false'
      when: never
    - if: $CI_COMMIT_BRANCH &&
          $GITLAB_FEATURES =~ /\bsast\b/ &&
          $SAST_DEFAULT_ANALYZERS =~ /pmd-apex/
      exists:
        - '**/*.cls'

secrets-sast:
  extends: .sast-analyzer
  image:
    name: "$SECURE_ANALYZERS_PREFIX/secrets:$SAST_ANALYZER_IMAGE_TAG"
  rules:
    - if: $SAST_DISABLED || $SAST_DISABLE_DIND == 'false'
      when: never
    - if: $CI_COMMIT_BRANCH &&
          $GITLAB_FEATURES =~ /\bsast\b/ &&
          $SAST_DEFAULT_ANALYZERS =~ /secrets/

security-code-scan-sast:
  extends: .sast-analyzer
  image:
    name: "$SECURE_ANALYZERS_PREFIX/security-code-scan:$SAST_ANALYZER_IMAGE_TAG"
  rules:
    - if: $SAST_DISABLED || $SAST_DISABLE_DIND == 'false'
      when: never
    - if: $CI_COMMIT_BRANCH &&
          $GITLAB_FEATURES =~ /\bsast\b/ &&
          $SAST_DEFAULT_ANALYZERS =~ /security-code-scan/
      exists:
        - '**/*.csproj'
        - '**/*.vbproj'

sobelow-sast:
  extends: .sast-analyzer
  image:
    name: "$SECURE_ANALYZERS_PREFIX/sobelow:$SAST_ANALYZER_IMAGE_TAG"
  rules:
    - if: $SAST_DISABLED || $SAST_DISABLE_DIND == 'false'
      when: never
    - if: $CI_COMMIT_BRANCH &&
          $GITLAB_FEATURES =~ /\bsast\b/ &&
          $SAST_DEFAULT_ANALYZERS =~ /sobelow/
      exists:
        - 'mix.exs'

spotbugs-sast:
  extends: .sast-analyzer
  image:
    name: "$SECURE_ANALYZERS_PREFIX/spotbugs:$SAST_ANALYZER_IMAGE_TAG"
  rules:
    - if: $SAST_DISABLED || $SAST_DISABLE_DIND == 'false'
      when: never
    - if: $CI_COMMIT_BRANCH &&
          $GITLAB_FEATURES =~ /\bsast\b/ &&
          $SAST_DEFAULT_ANALYZERS =~ /spotbugs/
      exists:
        - '**/*.groovy'
        - '**/*.java'
        - '**/*.scala'
New upstream version 12.3.8 2019-12-04 20:38:33 +05:30			`# Read more about this feature here: https://docs.gitlab.com/ee/user/application_security/sast/`
New upstream version 11.10.8+dfsg 2019-07-07 11:18:12 +05:30			`#`
			`# Configure the scanning tool through the environment variables.`
			`# List of the variables: https://gitlab.com/gitlab-org/security-products/sast#settings`
			`# How to set: https://docs.gitlab.com/ee/ci/yaml/#variables`

New upstream version 12.4.6 2019-12-21 20:55:43 +05:30			`variables:`
New upstream version 13.0.0 2020-05-24 23:13:21 +05:30			`# Setting this variable will affect all Security templates`
			`# (SAST, Dependency Scanning, ...)`
			`SECURE_ANALYZERS_PREFIX: "registry.gitlab.com/gitlab-org/security-products/analyzers"`

New upstream version 13.2.1 2020-07-28 23:09:34 +05:30			`SAST_DEFAULT_ANALYZERS: "bandit, brakeman, gosec, spotbugs, flawfinder, phpcs-security-audit, security-code-scan, nodejs-scan, eslint, secrets, sobelow, pmd-apex, kubesec"`
New upstream version 13.1.0 2020-06-23 00:09:42 +05:30			`SAST_EXCLUDED_PATHS: "spec, test, tests, tmp"`
New upstream version 12.5.4 2019-12-26 22:10:19 +05:30			`SAST_ANALYZER_IMAGE_TAG: 2`
New upstream version 13.0.0 2020-05-24 23:13:21 +05:30			`SAST_DISABLE_DIND: "true"`
New upstream version 12.6.1 2020-01-01 13:55:28 +05:30			`SCAN_KUBERNETES_MANIFESTS: "false"`
New upstream version 12.4.6 2019-12-21 20:55:43 +05:30
			`sast:`
New upstream version 11.10.8+dfsg 2019-07-07 11:18:12 +05:30			`stage: test`
New upstream version 12.3.8 2019-12-04 20:38:33 +05:30			`allow_failure: true`
			`artifacts:`
			`reports:`
			`sast: gl-sast-report.json`
New upstream version 13.0.0 2020-05-24 23:13:21 +05:30			`rules:`
			`- if: $SAST_DISABLED \|\| $SAST_DISABLE_DIND == 'true'`
			`when: never`
			`- if: $CI_COMMIT_BRANCH && $GITLAB_FEATURES =~ /\bsast\b/`
New upstream version 11.10.8+dfsg 2019-07-07 11:18:12 +05:30			`image: docker:stable`
			`variables:`
New upstream version 13.0.0 2020-05-24 23:13:21 +05:30			`SEARCH_MAX_DEPTH: 4`
New upstream version 11.10.8+dfsg 2019-07-07 11:18:12 +05:30			`DOCKER_DRIVER: overlay2`
New upstream version 12.1.11 2019-09-30 21:07:59 +05:30			`DOCKER_TLS_CERTDIR: ""`
New upstream version 11.10.8+dfsg 2019-07-07 11:18:12 +05:30			`services:`
			`- docker:stable-dind`
			`script:`
			`- \|`
			`if ! docker info &>/dev/null; then`
			`if [ -z "$DOCKER_HOST" -a "$KUBERNETES_PORT" ]; then`
			`export DOCKER_HOST='tcp://localhost:2375'`
			`fi`
			`fi`
New upstream version 12.5.4 2019-12-26 22:10:19 +05:30			`- \|`
New upstream version 12.10.0 2020-04-22 19:07:51 +05:30			`docker run \`
			`$(awk 'BEGIN{for(v in ENVIRON) print v}' \| grep -v -E '^(DOCKER_\|CI\|GITLAB_\|FF_\|HOME\|PWD\|OLDPWD\|PATH\|SHLVL\|HOSTNAME)' \| awk '{printf " -e %s", $0}') \`
New upstream version 11.10.8+dfsg 2019-07-07 11:18:12 +05:30			`--volume "$PWD:/code" \`
			`--volume /var/run/docker.sock:/var/run/docker.sock \`
New upstream version 13.0.0 2020-05-24 23:13:21 +05:30			`"registry.gitlab.com/gitlab-org/security-products/sast:$SAST_ANALYZER_IMAGE_TAG" /app/bin/run /code`
New upstream version 12.3.8 2019-12-04 20:38:33 +05:30
New upstream version 12.6.1 2020-01-01 13:55:28 +05:30			`.sast-analyzer:`
New upstream version 12.4.6 2019-12-21 20:55:43 +05:30			`extends: sast`
			`services: []`
New upstream version 13.0.0 2020-05-24 23:13:21 +05:30			`rules:`
			`- if: $SAST_DISABLED \|\| $SAST_DISABLE_DIND == 'false'`
			`when: never`
			`- if: $CI_COMMIT_BRANCH &&`
			`$GITLAB_FEATURES =~ /\bsast\b/`
New upstream version 12.3.8 2019-12-04 20:38:33 +05:30			`script:`
			`- /analyzer run`

			`bandit-sast:`
New upstream version 12.6.1 2020-01-01 13:55:28 +05:30			`extends: .sast-analyzer`
New upstream version 12.3.8 2019-12-04 20:38:33 +05:30			`image:`
New upstream version 13.2.1 2020-07-28 23:09:34 +05:30			`name: "$SECURE_ANALYZERS_PREFIX/bandit:$SAST_ANALYZER_IMAGE_TAG"`
New upstream version 13.0.0 2020-05-24 23:13:21 +05:30			`rules:`
			`- if: $SAST_DISABLED \|\| $SAST_DISABLE_DIND == 'false'`
			`when: never`
			`- if: $CI_COMMIT_BRANCH &&`
			`$GITLAB_FEATURES =~ /\bsast\b/ &&`
			`$SAST_DEFAULT_ANALYZERS =~ /bandit/`
			`exists:`
			`- '*/.py'`
New upstream version 12.3.8 2019-12-04 20:38:33 +05:30
			`brakeman-sast:`
New upstream version 12.6.1 2020-01-01 13:55:28 +05:30			`extends: .sast-analyzer`
New upstream version 12.3.8 2019-12-04 20:38:33 +05:30			`image:`
New upstream version 13.2.1 2020-07-28 23:09:34 +05:30			`name: "$SECURE_ANALYZERS_PREFIX/brakeman:$SAST_ANALYZER_IMAGE_TAG"`
New upstream version 13.0.0 2020-05-24 23:13:21 +05:30			`rules:`
			`- if: $SAST_DISABLED \|\| $SAST_DISABLE_DIND == 'false'`
			`when: never`
			`- if: $CI_COMMIT_BRANCH &&`
			`$SAST_DEFAULT_ANALYZERS =~ /brakeman/`
			`exists:`
New upstream version 13.1.0 2020-06-23 00:09:42 +05:30			`- 'config/routes.rb'`
New upstream version 12.3.8 2019-12-04 20:38:33 +05:30
			`eslint-sast:`
New upstream version 12.6.1 2020-01-01 13:55:28 +05:30			`extends: .sast-analyzer`
New upstream version 12.3.8 2019-12-04 20:38:33 +05:30			`image:`
New upstream version 13.2.1 2020-07-28 23:09:34 +05:30			`name: "$SECURE_ANALYZERS_PREFIX/eslint:$SAST_ANALYZER_IMAGE_TAG"`
New upstream version 13.0.0 2020-05-24 23:13:21 +05:30			`rules:`
			`- if: $SAST_DISABLED \|\| $SAST_DISABLE_DIND == 'false'`
			`when: never`
			`- if: $CI_COMMIT_BRANCH &&`
			`$SAST_DEFAULT_ANALYZERS =~ /eslint/`
			`exists:`
			`- '*/.html'`
			`- '*/.js'`
New upstream version 13.2.1 2020-07-28 23:09:34 +05:30			`- '*/.jsx'`
			`- '*/.ts'`
			`- '*/.tsx'`
New upstream version 12.3.8 2019-12-04 20:38:33 +05:30
			`flawfinder-sast:`
New upstream version 12.6.1 2020-01-01 13:55:28 +05:30			`extends: .sast-analyzer`
New upstream version 12.3.8 2019-12-04 20:38:33 +05:30			`image:`
New upstream version 13.2.1 2020-07-28 23:09:34 +05:30			`name: "$SECURE_ANALYZERS_PREFIX/flawfinder:$SAST_ANALYZER_IMAGE_TAG"`
New upstream version 13.0.0 2020-05-24 23:13:21 +05:30			`rules:`
			`- if: $SAST_DISABLED \|\| $SAST_DISABLE_DIND == 'false'`
			`when: never`
			`- if: $CI_COMMIT_BRANCH &&`
			`$GITLAB_FEATURES =~ /\bsast\b/ &&`
			`$SAST_DEFAULT_ANALYZERS =~ /flawfinder/`
			`exists:`
			`- '*/.c'`
			`- '*/.cpp'`
New upstream version 12.3.8 2019-12-04 20:38:33 +05:30
New upstream version 12.6.1 2020-01-01 13:55:28 +05:30			`kubesec-sast:`
			`extends: .sast-analyzer`
			`image:`
New upstream version 13.2.1 2020-07-28 23:09:34 +05:30			`name: "$SECURE_ANALYZERS_PREFIX/kubesec:$SAST_ANALYZER_IMAGE_TAG"`
New upstream version 13.0.0 2020-05-24 23:13:21 +05:30			`rules:`
			`- if: $SAST_DISABLED \|\| $SAST_DISABLE_DIND == 'false'`
			`when: never`
			`- if: $CI_COMMIT_BRANCH &&`
			`$GITLAB_FEATURES =~ /\bsast\b/ &&`
New upstream version 12.6.1 2020-01-01 13:55:28 +05:30			`$SAST_DEFAULT_ANALYZERS =~ /kubesec/ &&`
			`$SCAN_KUBERNETES_MANIFESTS == 'true'`

New upstream version 12.3.8 2019-12-04 20:38:33 +05:30			`gosec-sast:`
New upstream version 12.6.1 2020-01-01 13:55:28 +05:30			`extends: .sast-analyzer`
New upstream version 12.3.8 2019-12-04 20:38:33 +05:30			`image:`
New upstream version 13.2.1 2020-07-28 23:09:34 +05:30			`name: "$SECURE_ANALYZERS_PREFIX/gosec:$SAST_ANALYZER_IMAGE_TAG"`
New upstream version 13.0.0 2020-05-24 23:13:21 +05:30			`rules:`
			`- if: $SAST_DISABLED \|\| $SAST_DISABLE_DIND == 'false'`
			`when: never`
			`- if: $CI_COMMIT_BRANCH &&`
			`$GITLAB_FEATURES =~ /\bsast\b/ &&`
			`$SAST_DEFAULT_ANALYZERS =~ /gosec/`
			`exists:`
			`- '*/.go'`
New upstream version 12.3.8 2019-12-04 20:38:33 +05:30
			`nodejs-scan-sast:`
New upstream version 12.6.1 2020-01-01 13:55:28 +05:30			`extends: .sast-analyzer`
New upstream version 12.3.8 2019-12-04 20:38:33 +05:30			`image:`
New upstream version 13.2.1 2020-07-28 23:09:34 +05:30			`name: "$SECURE_ANALYZERS_PREFIX/nodejs-scan:$SAST_ANALYZER_IMAGE_TAG"`
New upstream version 13.0.0 2020-05-24 23:13:21 +05:30			`rules:`
			`- if: $SAST_DISABLED \|\| $SAST_DISABLE_DIND == 'false'`
			`when: never`
			`- if: $CI_COMMIT_BRANCH &&`
			`$GITLAB_FEATURES =~ /\bsast\b/ &&`
			`$SAST_DEFAULT_ANALYZERS =~ /nodejs-scan/`
			`exists:`
New upstream version 13.1.0 2020-06-23 00:09:42 +05:30			`- 'package.json'`
New upstream version 12.3.8 2019-12-04 20:38:33 +05:30
			`phpcs-security-audit-sast:`
New upstream version 12.6.1 2020-01-01 13:55:28 +05:30			`extends: .sast-analyzer`
New upstream version 12.3.8 2019-12-04 20:38:33 +05:30			`image:`
New upstream version 13.2.1 2020-07-28 23:09:34 +05:30			`name: "$SECURE_ANALYZERS_PREFIX/phpcs-security-audit:$SAST_ANALYZER_IMAGE_TAG"`
New upstream version 13.0.0 2020-05-24 23:13:21 +05:30			`rules:`
			`- if: $SAST_DISABLED \|\| $SAST_DISABLE_DIND == 'false'`
			`when: never`
			`- if: $CI_COMMIT_BRANCH &&`
			`$GITLAB_FEATURES =~ /\bsast\b/ &&`
			`$SAST_DEFAULT_ANALYZERS =~ /phpcs-security-audit/`
			`exists:`
			`- '*/.php'`
New upstream version 12.3.8 2019-12-04 20:38:33 +05:30
			`pmd-apex-sast:`
New upstream version 12.6.1 2020-01-01 13:55:28 +05:30			`extends: .sast-analyzer`
New upstream version 12.3.8 2019-12-04 20:38:33 +05:30			`image:`
New upstream version 13.2.1 2020-07-28 23:09:34 +05:30			`name: "$SECURE_ANALYZERS_PREFIX/pmd-apex:$SAST_ANALYZER_IMAGE_TAG"`
New upstream version 13.0.0 2020-05-24 23:13:21 +05:30			`rules:`
			`- if: $SAST_DISABLED \|\| $SAST_DISABLE_DIND == 'false'`
			`when: never`
			`- if: $CI_COMMIT_BRANCH &&`
			`$GITLAB_FEATURES =~ /\bsast\b/ &&`
			`$SAST_DEFAULT_ANALYZERS =~ /pmd-apex/`
			`exists:`
			`- '*/.cls'`
New upstream version 12.3.8 2019-12-04 20:38:33 +05:30
			`secrets-sast:`
New upstream version 12.6.1 2020-01-01 13:55:28 +05:30			`extends: .sast-analyzer`
New upstream version 12.3.8 2019-12-04 20:38:33 +05:30			`image:`
New upstream version 13.2.1 2020-07-28 23:09:34 +05:30			`name: "$SECURE_ANALYZERS_PREFIX/secrets:$SAST_ANALYZER_IMAGE_TAG"`
New upstream version 13.0.0 2020-05-24 23:13:21 +05:30			`rules:`
			`- if: $SAST_DISABLED \|\| $SAST_DISABLE_DIND == 'false'`
			`when: never`
			`- if: $CI_COMMIT_BRANCH &&`
			`$GITLAB_FEATURES =~ /\bsast\b/ &&`
New upstream version 12.4.6 2019-12-21 20:55:43 +05:30			`$SAST_DEFAULT_ANALYZERS =~ /secrets/`
New upstream version 12.3.8 2019-12-04 20:38:33 +05:30
			`security-code-scan-sast:`
New upstream version 12.6.1 2020-01-01 13:55:28 +05:30			`extends: .sast-analyzer`
New upstream version 12.3.8 2019-12-04 20:38:33 +05:30			`image:`
New upstream version 13.2.1 2020-07-28 23:09:34 +05:30			`name: "$SECURE_ANALYZERS_PREFIX/security-code-scan:$SAST_ANALYZER_IMAGE_TAG"`
New upstream version 13.0.0 2020-05-24 23:13:21 +05:30			`rules:`
			`- if: $SAST_DISABLED \|\| $SAST_DISABLE_DIND == 'false'`
			`when: never`
			`- if: $CI_COMMIT_BRANCH &&`
			`$GITLAB_FEATURES =~ /\bsast\b/ &&`
			`$SAST_DEFAULT_ANALYZERS =~ /security-code-scan/`
			`exists:`
			`- '*/.csproj'`
			`- '*/.vbproj'`
New upstream version 12.3.8 2019-12-04 20:38:33 +05:30
			`sobelow-sast:`
New upstream version 12.6.1 2020-01-01 13:55:28 +05:30			`extends: .sast-analyzer`
New upstream version 12.3.8 2019-12-04 20:38:33 +05:30			`image:`
New upstream version 13.2.1 2020-07-28 23:09:34 +05:30			`name: "$SECURE_ANALYZERS_PREFIX/sobelow:$SAST_ANALYZER_IMAGE_TAG"`
New upstream version 13.0.0 2020-05-24 23:13:21 +05:30			`rules:`
			`- if: $SAST_DISABLED \|\| $SAST_DISABLE_DIND == 'false'`
			`when: never`
			`- if: $CI_COMMIT_BRANCH &&`
			`$GITLAB_FEATURES =~ /\bsast\b/ &&`
			`$SAST_DEFAULT_ANALYZERS =~ /sobelow/`
			`exists:`
New upstream version 13.1.0 2020-06-23 00:09:42 +05:30			`- 'mix.exs'`
New upstream version 12.3.8 2019-12-04 20:38:33 +05:30
			`spotbugs-sast:`
New upstream version 12.6.1 2020-01-01 13:55:28 +05:30			`extends: .sast-analyzer`
New upstream version 12.3.8 2019-12-04 20:38:33 +05:30			`image:`
New upstream version 13.2.1 2020-07-28 23:09:34 +05:30			`name: "$SECURE_ANALYZERS_PREFIX/spotbugs:$SAST_ANALYZER_IMAGE_TAG"`
New upstream version 13.0.0 2020-05-24 23:13:21 +05:30			`rules:`
			`- if: $SAST_DISABLED \|\| $SAST_DISABLE_DIND == 'false'`
			`when: never`
			`- if: $CI_COMMIT_BRANCH &&`
			`$GITLAB_FEATURES =~ /\bsast\b/ &&`
			`$SAST_DEFAULT_ANALYZERS =~ /spotbugs/`
			`exists:`
			`- '*/.groovy'`
			`- '*/.java'`
			`- '*/.scala'`