How to Run SAST Scanning in GitLab CI
GitLab ships a SAST template that auto-detects your languages and runs the right analyzers.
Include Security/SAST.gitlab-ci.yml and GitLab adds a sast job that scans your source. Findings surface in the merge request security widget and the vulnerability report.
Include the SAST template
A single include pulls in the managed SAST job; tune analyzers with SAST_* variables.
.gitlab-ci.yml
include:
- template: Security/SAST.gitlab-ci.yml
variables:
SAST_EXCLUDED_PATHS: "spec, test, tests, tmp"
stages:
- test
- buildNotes
- The template adds the sast job into the test stage automatically; define that stage so the job has a place to run.
- SAST results appear in merge request widgets only when the pipeline runs on a merge request or the default branch.
Related guides
How to Publish a Docker Image to the GitLab Registry in GitLab CIBuild and push a container image to the GitLab Container Registry from CI using the built-in CI_REGISTRY cred…
How to Use a CI/CD Catalog Component in GitLab CIReuse a published GitLab CI/CD catalog component with include:component and inputs so you pull in tested pipe…