The site that you are currently viewing is a static version of the Software Factory documentation delivered with the

version v7.2.
For up-to-date documentation, see the latest version.

How to Enable GitLab SAST

Enable GitLab SAST on your project to detect vulnerabilities in your source code.
For more information, see SAST practice

.

Configure your pipeline

Add the following to your .gitlab-ci.yml and push to your repository:

include:
  - template: Security/SAST.gitlab-ci.yml
Tip

To avoid cloning the repository locally, GitLab can generate this change for you. Requires Maintainer role. Go to Secure > Security configuration , find the Static Application Security Testing (SAST) row, select Enable SAST , then Create merge request .

sast-enable

(Optional) To exclude specific directories from the scan, add a variables section:

variables:
  SAST_EXCLUDED_PATHS: venv/

(Optional) To activate Advanced SAST and enable cross-function and cross-file taint analysis:

variables:
  GITLAB_ADVANCED_SAST_ENABLED: 'true'
Note

You can find a Feature comparison between Basic and Advanced SAST.