debian-mirror-gitlab/app/validators/json_schemas/security_ci_configuration_schemas/sast_ui_schema.json

{
    "global": [
        {
            "field" : "SECURE_ANALYZERS_PREFIX",
            "label" : "Image prefix",
            "type": "string",
            "default_value": "",
            "value": "",
            "size": "LARGE",
            "description": "Analyzer image's registry prefix (or name of the registry providing the analyzers' image)"
        },
        {
            "field" : "SAST_EXCLUDED_PATHS",
            "label" : "Excluded Paths",
            "type": "string",
            "default_value": "",
            "value": "",
            "size": "MEDIUM",
            "description": "Comma-separated list of paths to be excluded from analyzer output. Patterns can be globs, file paths, or folder paths."
        },
        {
            "field" : "SAST_ANALYZER_IMAGE_TAG",
            "label" : "Image tag",
            "type": "string",
            "default_value": "",
            "value": "",
            "size": "SMALL",
            "description": "Analyzer image's tag"
        }
    ],
    "pipeline": [
        {
            "field" : "stage",
            "label" : "Stage",
            "type": "string",
            "default_value": "",
            "value": "",
            "size": "MEDIUM",
            "description": "Pipeline stage in which the scan jobs run"
        },
        {
            "field" : "SEARCH_MAX_DEPTH",
            "label" : "Search maximum depth",
            "type": "string",
            "default_value": "",
            "value": "",
            "size": "SMALL",
            "description": "Maximum depth of language and framework detection"
        }
    ],
    "analyzers": [
        {
            "name": "brakeman",
            "label": "Brakeman",
            "enabled" : true,
            "description": "Ruby on Rails",
            "variables": [
                {
                    "field" : "SAST_BRAKEMAN_LEVEL",
                    "label" : "Brakeman confidence level.",
                    "type": "string",
                    "default_value": "1",
                    "value": "",
                    "size": "SMALL",
                    "description": "Ignore Brakeman vulnerabilities under given confidence level. Integer, 1=Low, 2=Medium, 3=High."
                }
            ]
        },
        {
            "name": "bandit",
            "label": "Bandit",
            "enabled" : true,
            "description": "Python",
            "variables": [
                {
                    "field" : "SAST_BANDIT_EXCLUDED_PATHS",
                    "label" : "Paths to exclude from scan.",
                    "type": "string",
                    "default_value": "",
                    "value": "",
                    "size": "SMALL",
                    "description": "Comma-separated list of paths to exclude from scan. Uses Python’s 'fnmatch' syntax; For example: '*/tests/*, */venv/*'"
                }
            ]
        },
        {
            "name": "eslint",
            "label": "ESLint",
            "enabled" : true,
            "description": "JavaScript, TypeScript, React",
            "variables": []
        },
        {
            "name": "flawfinder",
            "label": "Flawfinder",
            "enabled" : true,
            "description": "C, C++",
            "variables": [
                {
                    "field" : "SAST_FLAWFINDER_LEVEL",
                    "label" : "Flawfinder risk level",
                    "type": "string",
                    "default_value": "1",
                    "value": "",
                    "size": "SMALL",
                    "description": "Ignore Flawfinder vulnerabilities under given risk level. Integer, 0=No risk, 5=High risk."
                }
            ]
        },
        {
            "name": "kubesec",
            "label": "kubesec",
            "enabled" : true,
            "description": "Kubernetes manifests, Helm Charts",
            "variables": []
        },
        {
            "name": "nodejs-scan",
            "label": "Node.js Scan",
            "enabled" : true,
            "description": "Node.js",
            "variables": []
        },
        {
            "name": "gosec",
            "label": "Golang Security Checker",
            "enabled" : true,
            "description": "Go",
            "variables": [
                {
                    "field" : "SAST_GOSEC_LEVEL",
                    "label" : "Gosec confidence level",
                    "type": "string",
                    "default_value": "0",
                    "value": "",
                    "size": "SMALL",
                    "description": "Ignore Gosec vulnerabilities under given confidence level. Integer, 0=Undefined, 1=Low, 2=Medium, 3=High."
                }
            ]
        },
        {
            "name": "phpcs-security-audit",
            "label": "PHP Security Audit",
            "enabled" : true,
            "description": "PHP",
            "variables": []
        },
        {
            "name": "pmd-apex",
            "label": "PMD APEX",
            "enabled" : true,
            "description": "Apex (Salesforce)",
            "variables": []
        },
        {
            "name": "security-code-scan",
            "label": "Security Code Scan",
            "enabled" : true,
            "description": ".NET Core, .NET Framework",
            "variables": []
        },
        {
            "name": "sobelow",
            "label": "Sobelow",
            "enabled" : true,
            "description": "Elixir (Phoenix)",
            "variables": []
        },
        {
            "name": "spotbugs",
            "label": "Spotbugs",
            "enabled" : true,
            "description": "Groovy, Java, Scala",
            "variables": []
        }
    ]
}