Merge branch 'enable-sast-scanning' into 'master'

Enable various forms of scanning See merge request !622

Merge branch 'enable-sast-scanning' into 'master'
40816771 · Corné Lukken · c290fdb7 · 496fd4d3 · 40816771 · 40816771
Commit 40816771 authored 1 year ago by Corné Lukken
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -12,6 +12,9 @@ workflow:
    - if: '$CI_PIPELINE_SOURCE == "merge_request_event"'
    - if: $CI_COMMIT_TAG
    - if: ($CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH)
+include:
+  - template: Security/SAST.gitlab-ci.yml
+  - template: Security/Dependency-Scanning.gitlab-ci.yml

 stages:
  - prepare
@@ -328,6 +331,16 @@ shellcheck:
    - shellcheck --version
    - shellcheck **/*.sh

+sast:
+  variables:
+    SAST_EXCLUDED_PATHS: "*.tox"
+    SAST_EXCLUDED_ANALYZERS: brakeman, flawfinder, kubesec, nodejs-scan, phpcs-security-audit,
+      pmd-apex, security-code-scan, sobelow, spotbugs
+  stage: static-analysis
+
+dependency_scanning:
+  stage: static-analysis
+
 sphinx_documentation:
  stage: documentation
  script:

--- a/tangostationcontrol/VERSION
+++ b/tangostationcontrol/VERSION
-0.17.0
+0.18.2