
Static Application Security Testing (SAST)

If you're using GitLab CI/CD, you can use Static Application Security Testing (SAST) to check your source code for known vulnerabilities. The whitepaper "A Seismic Shift in Application Security" explains how 4 of the top 6 attacks were application based.

You can run SAST analyzers in any GitLab tier. The analyzers output JSON-formatted reports as job artifacts. A pipeline consists of multiple jobs, including SAST and DAST scanning. With GitLab Ultimate, SAST results are also processed so you can:

For more details, see the Summary of features per tier.

The results are sorted by the priority of the vulnerability:

Enable multi-project support for Security Code Scan
Configure SAST in the UI with customizations
Configure SAST in the UI with default settings only
Using CI/CD variables to pass credentials for private repositories
Using a CI/CD variable to pass username and password to a private Go repository
Using a CI/CD variable to pass username and password to a private Maven repository
Make GitLab SAST analyzer images available inside your Docker registry
If support for Custom Certificate Authorities is needed
Set SAST CI/CD variables to use local SAST analyzers
SAST job fails with message strconv.ParseUint: parsing "0.0": invalid syntax
Workaround 1: Pin analyzer versions (GitLab 12.1 and earlier)
Workaround 2: Disable Docker-in-Docker for SAST and Dependency Scanning (GitLab 12.3 and later)
Workaround 3: Upgrade to GitLab 13.x and use the defaults
MobSF job fails with error message Reading from ist
