Merge branch 'dz-add-sast' into 'master'

Remove security checks from static analysis and add sast job See merge request gitlab-org/gitlab-ce!16113

Merge branch 'dz-add-sast' into 'master'
Remove security checks from static analysis and add sast job See merge request gitlab-org/gitlab-ce!16113
7fdb7762 · Rémy Coutable · 0eaf1c52 · ef82cbef · 7fdb7762 · 7fdb7762
隐藏空白更改
内联并排

Showing with 8 addition and 2 deletion

.gitlab-ci.yml .gitlab-ci.yml +8 -0

scripts/static-analysis scripts/static-analysis +0 -2

未找到文件。
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -600,6 +600,14 @@ codequality:
  artifacts:
    paths: [codeclimate.json]

+sast:
+  image: registry.gitlab.com/gitlab-org/gl-sast:latest
+  before_script: []
+  script:
+    - /app/bin/run .
+  artifacts:
+    paths: [gl-sast-report.json]
+
 qa:internal:
  <<: *dedicated-runner
  <<: *except-docs

--- a/scripts/static-analysis
+++ b/scripts/static-analysis
@@ -3,12 +3,10 @@
 require ::File.expand_path('../lib/gitlab/popen', __dir__)

 tasks = [
-  %w[bundle exec bundle-audit check --update],
  %w[bundle exec rake config_lint],
  %w[bundle exec rake flay],
  %w[bundle exec rake haml_lint],
  %w[bundle exec rake scss_lint],
-  %w[bundle exec rake brakeman],
  %w[bundle exec license_finder],
  %w[yarn run eslint],
  %w[bundle exec rubocop --parallel],