From 8d6fbafe059d3d48a8661831a708305801b4f273 Mon Sep 17 00:00:00 2001
From: Moshe Kaplan <mosheekaplan@gmail.com>
Date: Tue, 19 Apr 2022 12:52:05 +0000
Subject: [PATCH] gitlab-ci: Add SAST

---
 .gitlab-ci.yml | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index 3b5dba6e72..cd38697541 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -25,6 +25,8 @@ variables:
   CLANG_VERSION: 14
   # Enable color output in CMake, Ninja, and other tools. https://bixense.com/clicolors/
   CLICOLOR_FORCE: 1
+  # Skip irrelevant SAST scanners:
+  SAST_EXCLUDED_ANALYZERS: "brakeman,eslint,spotbugs"
 
 # Scheduled builds additionally set SCHEDULE_TYPE, which can be one of:
 # - daily: Daily at 10:00 UTC
@@ -904,3 +906,7 @@ Valgrind Menagerie Fuzz:
     - cd ..
     - ./tools/fuzz-test.sh -g -P $MIN_PLUGINS -b $INSTALL_PREFIX/bin -d /tmp/fuzz -t $MAX_SECONDS $( shuf -e /var/menagerie/*/* ) 2> fuzz-test.err || echo "export FUZZ_PASSED=false" > /tmp/fuzz_result.sh
   needs: [ 'ASan randpkt Fuzz' ]
+
+
+include:
+  - template: Security/SAST.gitlab-ci.yml