How to change the default stage name that comes from Gitlab templates

Hi everyone,

The situation I have is this; maybe someone will have an idea.
So I have my security checks template that the dev teams are including in their projects. Now finally the gitlab plan upgrade came through (hoooray for the board that approved it :smiley: ) and I can enable gitlab security features.

Ideally I’d want to include these few lines in my already existing security.yml and I’d hope to be fine

include:
  - template: Security/SAST.gitlab-ci.yml
  - template: Security/Secret-Detection.gitlab-ci.yml
  - template: Security/Dependency-Scanning.gitlab-ci.yml

Unfortunately for me, that’s not so easy. Here’s the catch. My current scanners file had the stage name security-testing, like this:

gitleaks:
  stage: security-testing
  image:
    name: registry.gitlab.com/...../container-image-cache/gitleaks:v7.4.1 
.....

Whereas the scans from the gitlab templates have the test stage name. For everyone to work correctly, I’d need to go to all the projects that depend on the current template and add the test stage (which sounds like an insane amount of work).

The question is: how can I include the gitlab sast template into my template but change the stage name into security-testing?
Thanks a lot!

Hi, @viliusp.

Looking at the source code for the SAST template, you can see:

sast:
  stage: test

The other templates you mentioned will have a similar structure.

You should be able to override the stage for SAST and the other analyzers in your own .gitlab-ci.yml by doing something like this:

include:
  - template: Security/SAST.gitlab-ci.yml
  - template: Security/Secret-Detection.gitlab-ci.yml
  - template: Security/Dependency-Scanning.gitlab-ci.yml

sast:
  stage: security-testing
secret_detection:
  stage: security-testing
dependency_scanning:
  stage: security-testing
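The override in the answer above works because GitLab deep-merges included jobs with the including file, and the including file wins key by key. The following is an added example, not part of the thread or of GitLab's code: it models that merge with plain dicts and lists the jobs whose stage is missing from `stages`. The job bodies, the `stages` list and all function names are constructed assumptions.

```python
from copy import deepcopy

# Constructed stand-in for the three included templates: only `stage: test`
# comes from the thread; the script value is a placeholder.
TEMPLATE_JOBS = {
    name: {"stage": "test", "script": ["<template body>"]}
    for name in ("sast", "secret_detection", "dependency_scanning")
}
# Constructed security.yml plus project file; the stage list is an assumption.
PROJECT = {
    "stages": ["build", "security-testing", "deploy"],
    "gitleaks": {"stage": "security-testing", "script": ["<scan>"]},
}
# The override from the answer above.
OVERRIDE = {name: {"stage": "security-testing"} for name in TEMPLATE_JOBS}

NON_JOB_KEYS = {"stages", "include", "variables", "default", "workflow"}
ALWAYS_AVAILABLE = {".pre", ".post"}


def deep_merge(base, override):
    """Hashes merge key by key and the later file wins; lists and scalars
    are replaced, not combined."""
    merged = deepcopy(base)
    for key, value in override.items():
        if isinstance(value, dict) and isinstance(merged.get(key), dict):
            merged[key] = deep_merge(merged[key], value)
        else:
            merged[key] = deepcopy(value)
    return merged


def undeclared_stages(config):
    """Return {job: stage} for jobs whose stage is missing from `stages`."""
    declared = set(config.get("stages", ["build", "test", "deploy"])) | ALWAYS_AVAILABLE
    problems = {}
    for name, job in config.items():
        if name in NON_JOB_KEYS or name.startswith(".") or not isinstance(job, dict):
            continue
        stage = job.get("stage", "test")  # a job without `stage` lands in `test`
        if stage not in declared:
            problems[name] = stage
    return problems


BEFORE = deep_merge(TEMPLATE_JOBS, PROJECT)  # templates included, no override
AFTER = deep_merge(BEFORE, OVERRIDE)         # with the override applied

if __name__ == "__main__":
    print("without override:", undeclared_stages(BEFORE))
    print("with override:   ", undeclared_stages(AFTER))
```

Only the `stage` key of each scanner job changes; the rest of the template's job definition is kept by the merge.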

Thank you!

I was searching for something like that in the help docs. This was exactly that and solved my issue.
