debian-mirror-gitlab/lib/gitlab/ci/templates/Security/SAST.gitlab-ci.yml

# Read more about this feature here: https://docs.gitlab.com/ee/user/application_security/sast/
#
# Configure the scanning tool through the environment variables.
# List of the variables: https://gitlab.com/gitlab-org/security-products/sast#settings
# How to set: https://docs.gitlab.com/ee/ci/yaml/#variables

variables:
  SAST_ANALYZER_IMAGE_PREFIX: "registry.gitlab.com/gitlab-org/security-products/analyzers"
  SAST_DEFAULT_ANALYZERS: "bandit, brakeman, gosec, spotbugs, flawfinder, phpcs-security-audit, security-code-scan, nodejs-scan, eslint, tslint, secrets, sobelow, pmd-apex"
  SAST_MAJOR_VERSION: 2
  SAST_DISABLE_DIND: "false"

sast:
  stage: test
  allow_failure: true
  artifacts:
    reports:
      sast: gl-sast-report.json
  only:
    refs:
      - branches
    variables:
      - $GITLAB_FEATURES =~ /\bsast\b/
  image: docker:stable
  variables:
    DOCKER_DRIVER: overlay2
    DOCKER_TLS_CERTDIR: ""
  services:
    - docker:stable-dind
  script:
    - export SAST_VERSION=${SP_VERSION:-$(echo "$CI_SERVER_VERSION" | sed 's/^\([0-9]*\)\.\([0-9]*\).*/\1-\2-stable/')}
    - |
      if ! docker info &>/dev/null; then
        if [ -z "$DOCKER_HOST" -a "$KUBERNETES_PORT" ]; then
          export DOCKER_HOST='tcp://localhost:2375'
        fi
      fi
    - | # this is required to avoid undesirable reset of Docker image ENV variables being set on build stage
      function propagate_env_vars() {
        CURRENT_ENV=$(printenv)

        for VAR_NAME; do
          echo $CURRENT_ENV | grep "${VAR_NAME}=" > /dev/null && echo "--env $VAR_NAME "
        done
      }
    - |
      docker run \
        $(propagate_env_vars \
          SAST_BANDIT_EXCLUDED_PATHS \
          SAST_ANALYZER_IMAGES \
          SAST_ANALYZER_IMAGE_PREFIX \
          SAST_ANALYZER_IMAGE_TAG \
          SAST_DEFAULT_ANALYZERS \
          SAST_PULL_ANALYZER_IMAGES \
          SAST_BRAKEMAN_LEVEL \
          SAST_FLAWFINDER_LEVEL \
          SAST_GITLEAKS_ENTROPY_LEVEL \
          SAST_GOSEC_LEVEL \
          SAST_EXCLUDED_PATHS \
          SAST_DOCKER_CLIENT_NEGOTIATION_TIMEOUT \
          SAST_PULL_ANALYZER_IMAGE_TIMEOUT \
          SAST_RUN_ANALYZER_TIMEOUT \
          SAST_JAVA_VERSION \
          ANT_HOME \
          ANT_PATH \
          GRADLE_PATH \
          JAVA_OPTS \
          JAVA_PATH \
          JAVA_8_VERSION \
          JAVA_11_VERSION \
          MAVEN_CLI_OPTS \
          MAVEN_PATH \
          MAVEN_REPO_PATH \
          SBT_PATH \
          FAIL_NEVER \
        ) \
        --volume "$PWD:/code" \
        --volume /var/run/docker.sock:/var/run/docker.sock \
        "registry.gitlab.com/gitlab-org/security-products/sast:$SAST_VERSION" /app/bin/run /code
  except:
    variables:
      - $SAST_DISABLED
      - $SAST_DISABLE_DIND == 'true'

.analyzer:
  extends: sast
  services: []
  except:
    variables:
      - $SAST_DISABLE_DIND == 'false'
  script:
    - /analyzer run

bandit-sast:
  extends: .analyzer
  image:
    name: "$SAST_ANALYZER_IMAGE_PREFIX/bandit:$SAST_MAJOR_VERSION"
  only:
    variables:
      - $GITLAB_FEATURES =~ /\bsast\b/ &&
          $SAST_DEFAULT_ANALYZERS =~ /bandit/&&
          $CI_PROJECT_REPOSITORY_LANGUAGES =~ /python/

brakeman-sast:
  extends: .analyzer
  image:
    name: "$SAST_ANALYZER_IMAGE_PREFIX/brakeman:$SAST_MAJOR_VERSION"
  only:
    variables:
      - $GITLAB_FEATURES =~ /\bsast\b/ &&
          $SAST_DEFAULT_ANALYZERS =~ /brakeman/ &&
          $CI_PROJECT_REPOSITORY_LANGUAGES =~ /ruby/

eslint-sast:
  extends: .analyzer
  image:
    name: "$SAST_ANALYZER_IMAGE_PREFIX/eslint:$SAST_MAJOR_VERSION"
  only:
    variables:
      - $GITLAB_FEATURES =~ /\bsast\b/ &&
          $SAST_DEFAULT_ANALYZERS =~ /eslint/ &&
          $CI_PROJECT_REPOSITORY_LANGUAGES =~ /javascript/

flawfinder-sast:
  extends: .analyzer
  image:
    name: "$SAST_ANALYZER_IMAGE_PREFIX/flawfinder:$SAST_MAJOR_VERSION"
  only:
    variables:
      - $GITLAB_FEATURES =~ /\bsast\b/ &&
          $SAST_DEFAULT_ANALYZERS =~ /flawfinder/ &&
          $CI_PROJECT_REPOSITORY_LANGUAGES =~ /\b(c\+\+|c)\b/

gosec-sast:
  extends: .analyzer
  image:
    name: "$SAST_ANALYZER_IMAGE_PREFIX/gosec:$SAST_MAJOR_VERSION"
  only:
    variables:
      - $GITLAB_FEATURES =~ /\bsast\b/ &&
          $SAST_DEFAULT_ANALYZERS =~ /gosec/ &&
          $CI_PROJECT_REPOSITORY_LANGUAGES =~ /\bgo\b/

nodejs-scan-sast:
  extends: .analyzer
  image:
    name: "$SAST_ANALYZER_IMAGE_PREFIX/nodejs-scan:$SAST_MAJOR_VERSION"
  only:
    variables:
      - $GITLAB_FEATURES =~ /\bsast\b/ &&
          $SAST_DEFAULT_ANALYZERS =~ /nodejs-scan/ &&
          $CI_PROJECT_REPOSITORY_LANGUAGES =~ /javascript/

phpcs-security-audit-sast:
  extends: .analyzer
  image:
    name: "$SAST_ANALYZER_IMAGE_PREFIX/phpcs-security-audit:$SAST_MAJOR_VERSION"
  only:
    variables:
      - $GITLAB_FEATURES =~ /\bsast\b/ &&
          $SAST_DEFAULT_ANALYZERS =~ /phpcs-security-audit/ &&
          $CI_PROJECT_REPOSITORY_LANGUAGES =~ /php/

pmd-apex-sast:
  extends: .analyzer
  image:
    name: "$SAST_ANALYZER_IMAGE_PREFIX/pmd-apex:$SAST_MAJOR_VERSION"
  only:
    variables:
      - $GITLAB_FEATURES =~ /\bsast\b/ &&
          $SAST_DEFAULT_ANALYZERS =~ /pmd-apex/ &&
          $CI_PROJECT_REPOSITORY_LANGUAGES =~ /apex/

secrets-sast:
  extends: .analyzer
  image:
    name: "$SAST_ANALYZER_IMAGE_PREFIX/secrets:$SAST_MAJOR_VERSION"
  only:
    variables:
      - $GITLAB_FEATURES =~ /\bsast\b/ &&
          $SAST_DEFAULT_ANALYZERS =~ /secrets/

security-code-scan-sast:
  extends: .analyzer
  image:
    name: "$SAST_ANALYZER_IMAGE_PREFIX/security-code-scan:$SAST_MAJOR_VERSION"
  only:
    variables:
      - $GITLAB_FEATURES =~ /\bsast\b/ &&
          $SAST_DEFAULT_ANALYZERS =~ /security-code-scan/ &&
          $CI_PROJECT_REPOSITORY_LANGUAGES =~ /\b(c\#|visual basic\b)/

sobelow-sast:
  extends: .analyzer
  image:
    name: "$SAST_ANALYZER_IMAGE_PREFIX/sobelow:$SAST_MAJOR_VERSION"
  only:
    variables:
      - $GITLAB_FEATURES =~ /\bsast\b/ &&
          $SAST_DEFAULT_ANALYZERS =~ /sobelow/ &&
          $CI_PROJECT_REPOSITORY_LANGUAGES =~ /elixir/

spotbugs-sast:
  extends: .analyzer
  image:
    name: "$SAST_ANALYZER_IMAGE_PREFIX/spotbugs:$SAST_MAJOR_VERSION"
  only:
    variables:
      - $GITLAB_FEATURES =~ /\bsast\b/ &&
          $SAST_DEFAULT_ANALYZERS =~ /spotbugs/ &&
          $CI_PROJECT_REPOSITORY_LANGUAGES =~ /java\b/

tslint-sast:
  extends: .analyzer
  image:
    name: "$SAST_ANALYZER_IMAGE_PREFIX/tslint:$SAST_MAJOR_VERSION"
  only:
    variables:
      - $GITLAB_FEATURES =~ /\bsast\b/ &&
          $SAST_DEFAULT_ANALYZERS =~ /tslint/ &&
          $CI_PROJECT_REPOSITORY_LANGUAGES =~ /typescript/
New upstream version 12.3.8 2019-12-04 20:38:33 +05:30			`# Read more about this feature here: https://docs.gitlab.com/ee/user/application_security/sast/`
New upstream version 11.10.8+dfsg 2019-07-07 11:18:12 +05:30			`#`
			`# Configure the scanning tool through the environment variables.`
			`# List of the variables: https://gitlab.com/gitlab-org/security-products/sast#settings`
			`# How to set: https://docs.gitlab.com/ee/ci/yaml/#variables`

New upstream version 12.4.6 2019-12-21 20:55:43 +05:30			`variables:`
			`SAST_ANALYZER_IMAGE_PREFIX: "registry.gitlab.com/gitlab-org/security-products/analyzers"`
			`SAST_DEFAULT_ANALYZERS: "bandit, brakeman, gosec, spotbugs, flawfinder, phpcs-security-audit, security-code-scan, nodejs-scan, eslint, tslint, secrets, sobelow, pmd-apex"`
			`SAST_MAJOR_VERSION: 2`
			`SAST_DISABLE_DIND: "false"`

			`sast:`
New upstream version 11.10.8+dfsg 2019-07-07 11:18:12 +05:30			`stage: test`
New upstream version 12.3.8 2019-12-04 20:38:33 +05:30			`allow_failure: true`
			`artifacts:`
			`reports:`
			`sast: gl-sast-report.json`
			`only:`
			`refs:`
			`- branches`
			`variables:`
			`- $GITLAB_FEATURES =~ /\bsast\b/`
New upstream version 11.10.8+dfsg 2019-07-07 11:18:12 +05:30			`image: docker:stable`
			`variables:`
			`DOCKER_DRIVER: overlay2`
New upstream version 12.1.11 2019-09-30 21:07:59 +05:30			`DOCKER_TLS_CERTDIR: ""`
New upstream version 11.10.8+dfsg 2019-07-07 11:18:12 +05:30			`services:`
			`- docker:stable-dind`
			`script:`
			`- export SAST_VERSION=${SP_VERSION:-$(echo "$CI_SERVER_VERSION" \| sed 's/^\([0-9]\)\.\([0-9]\).*/\1-\2-stable/')}`
			`- \|`
			`if ! docker info &>/dev/null; then`
			`if [ -z "$DOCKER_HOST" -a "$KUBERNETES_PORT" ]; then`
			`export DOCKER_HOST='tcp://localhost:2375'`
			`fi`
			`fi`
New upstream version 11.11.7+dfsg 2019-07-31 22:56:46 +05:30			`- \| # this is required to avoid undesirable reset of Docker image ENV variables being set on build stage`
			`function propagate_env_vars() {`
			`CURRENT_ENV=$(printenv)`

			`for VAR_NAME; do`
			`echo $CURRENT_ENV \| grep "${VAR_NAME}=" > /dev/null && echo "--env $VAR_NAME "`
			`done`
			`}`
New upstream version 11.10.8+dfsg 2019-07-07 11:18:12 +05:30			`- \|`
			`docker run \`
New upstream version 11.11.7+dfsg 2019-07-31 22:56:46 +05:30			`$(propagate_env_vars \`
New upstream version 12.0.8 2019-09-04 21:01:54 +05:30			`SAST_BANDIT_EXCLUDED_PATHS \`
New upstream version 11.11.7+dfsg 2019-07-31 22:56:46 +05:30			`SAST_ANALYZER_IMAGES \`
			`SAST_ANALYZER_IMAGE_PREFIX \`
			`SAST_ANALYZER_IMAGE_TAG \`
			`SAST_DEFAULT_ANALYZERS \`
New upstream version 12.0.8 2019-09-04 21:01:54 +05:30			`SAST_PULL_ANALYZER_IMAGES \`
New upstream version 11.11.7+dfsg 2019-07-31 22:56:46 +05:30			`SAST_BRAKEMAN_LEVEL \`
			`SAST_FLAWFINDER_LEVEL \`
			`SAST_GITLEAKS_ENTROPY_LEVEL \`
New upstream version 12.0.8 2019-09-04 21:01:54 +05:30			`SAST_GOSEC_LEVEL \`
			`SAST_EXCLUDED_PATHS \`
New upstream version 11.11.7+dfsg 2019-07-31 22:56:46 +05:30			`SAST_DOCKER_CLIENT_NEGOTIATION_TIMEOUT \`
			`SAST_PULL_ANALYZER_IMAGE_TIMEOUT \`
			`SAST_RUN_ANALYZER_TIMEOUT \`
New upstream version 12.3.8 2019-12-04 20:38:33 +05:30			`SAST_JAVA_VERSION \`
New upstream version 12.0.8 2019-09-04 21:01:54 +05:30			`ANT_HOME \`
			`ANT_PATH \`
			`GRADLE_PATH \`
			`JAVA_OPTS \`
			`JAVA_PATH \`
New upstream version 12.3.8 2019-12-04 20:38:33 +05:30			`JAVA_8_VERSION \`
			`JAVA_11_VERSION \`
New upstream version 12.0.8 2019-09-04 21:01:54 +05:30			`MAVEN_CLI_OPTS \`
			`MAVEN_PATH \`
			`MAVEN_REPO_PATH \`
			`SBT_PATH \`
New upstream version 12.1.11 2019-09-30 21:07:59 +05:30			`FAIL_NEVER \`
New upstream version 11.11.7+dfsg 2019-07-31 22:56:46 +05:30			`) \`
New upstream version 11.10.8+dfsg 2019-07-07 11:18:12 +05:30			`--volume "$PWD:/code" \`
			`--volume /var/run/docker.sock:/var/run/docker.sock \`
			`"registry.gitlab.com/gitlab-org/security-products/sast:$SAST_VERSION" /app/bin/run /code`
			`except:`
			`variables:`
			`- $SAST_DISABLED`
New upstream version 12.3.8 2019-12-04 20:38:33 +05:30			`- $SAST_DISABLE_DIND == 'true'`

			`.analyzer:`
New upstream version 12.4.6 2019-12-21 20:55:43 +05:30			`extends: sast`
			`services: []`
New upstream version 12.3.8 2019-12-04 20:38:33 +05:30			`except:`
			`variables:`
			`- $SAST_DISABLE_DIND == 'false'`
			`script:`
			`- /analyzer run`

			`bandit-sast:`
			`extends: .analyzer`
			`image:`
New upstream version 12.4.6 2019-12-21 20:55:43 +05:30			`name: "$SAST_ANALYZER_IMAGE_PREFIX/bandit:$SAST_MAJOR_VERSION"`
New upstream version 12.3.8 2019-12-04 20:38:33 +05:30			`only:`
			`variables:`
New upstream version 12.4.6 2019-12-21 20:55:43 +05:30			`- $GITLAB_FEATURES =~ /\bsast\b/ &&`
			`$SAST_DEFAULT_ANALYZERS =~ /bandit/&&`
			`$CI_PROJECT_REPOSITORY_LANGUAGES =~ /python/`
New upstream version 12.3.8 2019-12-04 20:38:33 +05:30
			`brakeman-sast:`
			`extends: .analyzer`
			`image:`
New upstream version 12.4.6 2019-12-21 20:55:43 +05:30			`name: "$SAST_ANALYZER_IMAGE_PREFIX/brakeman:$SAST_MAJOR_VERSION"`
New upstream version 12.3.8 2019-12-04 20:38:33 +05:30			`only:`
			`variables:`
New upstream version 12.4.6 2019-12-21 20:55:43 +05:30			`- $GITLAB_FEATURES =~ /\bsast\b/ &&`
			`$SAST_DEFAULT_ANALYZERS =~ /brakeman/ &&`
			`$CI_PROJECT_REPOSITORY_LANGUAGES =~ /ruby/`
New upstream version 12.3.8 2019-12-04 20:38:33 +05:30
			`eslint-sast:`
			`extends: .analyzer`
			`image:`
New upstream version 12.4.6 2019-12-21 20:55:43 +05:30			`name: "$SAST_ANALYZER_IMAGE_PREFIX/eslint:$SAST_MAJOR_VERSION"`
New upstream version 12.3.8 2019-12-04 20:38:33 +05:30			`only:`
			`variables:`
New upstream version 12.4.6 2019-12-21 20:55:43 +05:30			`- $GITLAB_FEATURES =~ /\bsast\b/ &&`
			`$SAST_DEFAULT_ANALYZERS =~ /eslint/ &&`
			`$CI_PROJECT_REPOSITORY_LANGUAGES =~ /javascript/`
New upstream version 12.3.8 2019-12-04 20:38:33 +05:30
			`flawfinder-sast:`
			`extends: .analyzer`
			`image:`
New upstream version 12.4.6 2019-12-21 20:55:43 +05:30			`name: "$SAST_ANALYZER_IMAGE_PREFIX/flawfinder:$SAST_MAJOR_VERSION"`
New upstream version 12.3.8 2019-12-04 20:38:33 +05:30			`only:`
			`variables:`
New upstream version 12.4.6 2019-12-21 20:55:43 +05:30			`- $GITLAB_FEATURES =~ /\bsast\b/ &&`
			`$SAST_DEFAULT_ANALYZERS =~ /flawfinder/ &&`
			`$CI_PROJECT_REPOSITORY_LANGUAGES =~ /\b(c\+\+\|c)\b/`
New upstream version 12.3.8 2019-12-04 20:38:33 +05:30
			`gosec-sast:`
			`extends: .analyzer`
			`image:`
New upstream version 12.4.6 2019-12-21 20:55:43 +05:30			`name: "$SAST_ANALYZER_IMAGE_PREFIX/gosec:$SAST_MAJOR_VERSION"`
New upstream version 12.3.8 2019-12-04 20:38:33 +05:30			`only:`
			`variables:`
New upstream version 12.4.6 2019-12-21 20:55:43 +05:30			`- $GITLAB_FEATURES =~ /\bsast\b/ &&`
			`$SAST_DEFAULT_ANALYZERS =~ /gosec/ &&`
			`$CI_PROJECT_REPOSITORY_LANGUAGES =~ /\bgo\b/`
New upstream version 12.3.8 2019-12-04 20:38:33 +05:30
			`nodejs-scan-sast:`
			`extends: .analyzer`
			`image:`
New upstream version 12.4.6 2019-12-21 20:55:43 +05:30			`name: "$SAST_ANALYZER_IMAGE_PREFIX/nodejs-scan:$SAST_MAJOR_VERSION"`
New upstream version 12.3.8 2019-12-04 20:38:33 +05:30			`only:`
			`variables:`
New upstream version 12.4.6 2019-12-21 20:55:43 +05:30			`- $GITLAB_FEATURES =~ /\bsast\b/ &&`
			`$SAST_DEFAULT_ANALYZERS =~ /nodejs-scan/ &&`
			`$CI_PROJECT_REPOSITORY_LANGUAGES =~ /javascript/`
New upstream version 12.3.8 2019-12-04 20:38:33 +05:30
			`phpcs-security-audit-sast:`
			`extends: .analyzer`
			`image:`
New upstream version 12.4.6 2019-12-21 20:55:43 +05:30			`name: "$SAST_ANALYZER_IMAGE_PREFIX/phpcs-security-audit:$SAST_MAJOR_VERSION"`
New upstream version 12.3.8 2019-12-04 20:38:33 +05:30			`only:`
			`variables:`
New upstream version 12.4.6 2019-12-21 20:55:43 +05:30			`- $GITLAB_FEATURES =~ /\bsast\b/ &&`
			`$SAST_DEFAULT_ANALYZERS =~ /phpcs-security-audit/ &&`
			`$CI_PROJECT_REPOSITORY_LANGUAGES =~ /php/`
New upstream version 12.3.8 2019-12-04 20:38:33 +05:30
			`pmd-apex-sast:`
			`extends: .analyzer`
			`image:`
New upstream version 12.4.6 2019-12-21 20:55:43 +05:30			`name: "$SAST_ANALYZER_IMAGE_PREFIX/pmd-apex:$SAST_MAJOR_VERSION"`
New upstream version 12.3.8 2019-12-04 20:38:33 +05:30			`only:`
			`variables:`
New upstream version 12.4.6 2019-12-21 20:55:43 +05:30			`- $GITLAB_FEATURES =~ /\bsast\b/ &&`
			`$SAST_DEFAULT_ANALYZERS =~ /pmd-apex/ &&`
			`$CI_PROJECT_REPOSITORY_LANGUAGES =~ /apex/`
New upstream version 12.3.8 2019-12-04 20:38:33 +05:30
			`secrets-sast:`
			`extends: .analyzer`
			`image:`
New upstream version 12.4.6 2019-12-21 20:55:43 +05:30			`name: "$SAST_ANALYZER_IMAGE_PREFIX/secrets:$SAST_MAJOR_VERSION"`
			`only:`
			`variables:`
			`- $GITLAB_FEATURES =~ /\bsast\b/ &&`
			`$SAST_DEFAULT_ANALYZERS =~ /secrets/`
New upstream version 12.3.8 2019-12-04 20:38:33 +05:30
			`security-code-scan-sast:`
			`extends: .analyzer`
			`image:`
New upstream version 12.4.6 2019-12-21 20:55:43 +05:30			`name: "$SAST_ANALYZER_IMAGE_PREFIX/security-code-scan:$SAST_MAJOR_VERSION"`
New upstream version 12.3.8 2019-12-04 20:38:33 +05:30			`only:`
			`variables:`
New upstream version 12.4.6 2019-12-21 20:55:43 +05:30			`- $GITLAB_FEATURES =~ /\bsast\b/ &&`
			`$SAST_DEFAULT_ANALYZERS =~ /security-code-scan/ &&`
			`$CI_PROJECT_REPOSITORY_LANGUAGES =~ /\b(c\#\|visual basic\b)/`
New upstream version 12.3.8 2019-12-04 20:38:33 +05:30
			`sobelow-sast:`
			`extends: .analyzer`
			`image:`
New upstream version 12.4.6 2019-12-21 20:55:43 +05:30			`name: "$SAST_ANALYZER_IMAGE_PREFIX/sobelow:$SAST_MAJOR_VERSION"`
New upstream version 12.3.8 2019-12-04 20:38:33 +05:30			`only:`
			`variables:`
New upstream version 12.4.6 2019-12-21 20:55:43 +05:30			`- $GITLAB_FEATURES =~ /\bsast\b/ &&`
			`$SAST_DEFAULT_ANALYZERS =~ /sobelow/ &&`
			`$CI_PROJECT_REPOSITORY_LANGUAGES =~ /elixir/`
New upstream version 12.3.8 2019-12-04 20:38:33 +05:30
			`spotbugs-sast:`
			`extends: .analyzer`
			`image:`
New upstream version 12.4.6 2019-12-21 20:55:43 +05:30			`name: "$SAST_ANALYZER_IMAGE_PREFIX/spotbugs:$SAST_MAJOR_VERSION"`
New upstream version 12.3.8 2019-12-04 20:38:33 +05:30			`only:`
			`variables:`
New upstream version 12.4.6 2019-12-21 20:55:43 +05:30			`- $GITLAB_FEATURES =~ /\bsast\b/ &&`
			`$SAST_DEFAULT_ANALYZERS =~ /spotbugs/ &&`
			`$CI_PROJECT_REPOSITORY_LANGUAGES =~ /java\b/`
New upstream version 12.3.8 2019-12-04 20:38:33 +05:30
			`tslint-sast:`
			`extends: .analyzer`
			`image:`
New upstream version 12.4.6 2019-12-21 20:55:43 +05:30			`name: "$SAST_ANALYZER_IMAGE_PREFIX/tslint:$SAST_MAJOR_VERSION"`
New upstream version 12.3.8 2019-12-04 20:38:33 +05:30			`only:`
			`variables:`
New upstream version 12.4.6 2019-12-21 20:55:43 +05:30			`- $GITLAB_FEATURES =~ /\bsast\b/ &&`
			`$SAST_DEFAULT_ANALYZERS =~ /tslint/ &&`
			`$CI_PROJECT_REPOSITORY_LANGUAGES =~ /typescript/`