Hi team, below is my current GitLab CI file to run security scans:
---
include:
  - template: Security/Dependency-Scanning.gitlab-ci.yml
  - template: Security/SAST.gitlab-ci.yml
  - template: Security/Secret-Detection.gitlab-ci.yml

.base-rules:
  rules:
    - changes:
        - $PROJECT_DIR/**/*
        - ci/**/*
  variables:
    PARENT_PIPELINE_ID: $CI_PIPELINE_ID
    SAST_EXCLUDED_PATHS: "spec,test,tests,tmp,server/libs,assets,vendor,*.min.js,!${PROJECT_DIR},!${PROJECT_DIR}/**"
    DS_EXCLUDED_PATHS: "spec,test,tests,tmp,!${PROJECT_DIR},!${PROJECT_DIR}/**"
    DS_REMEDIATE: "false"
    DS_MAX_DEPTH: -1

dependency_scanning:
  extends: [ .base-rules ]

sast:
  extends: [ .base-rules ]

secret_detection:
  extends: [ .base-rules ]
I was expecting it to trigger scans only for changes in $PROJECT_DIR and the ci folder, and to include only $PROJECT_DIR as part of the scans (I need this as I am using a monorepo). But neither is happening: scans are triggered for any change in the repo, and all projects are scanned. Any idea on this?

Thanks
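As an added diagnostic (not part of the original post and not GitLab's own code), the script below simulates the two mechanisms in this config against constructed file lists: the `rules:changes` globs, including what happens when `$PROJECT_DIR` is not expanded, and the excluded-paths list, where the `!` entries match nothing under plain glob rules and so leave the other projects in scope. It assumes `services/app` as `PROJECT_DIR` and assumes fnmatch-style glob matching, which is an approximation rather than GitLab's matcher.

```python
"""Added diagnostic for the monorepo scan scoping in the config above.

Simulates two mechanisms against constructed inputs: the `rules:changes`
glob list (does a set of changed files trigger the job?) and the
DS/SAST excluded-paths list (which files are left to scan?). Plain glob
matching is an ASSUMPTION for illustration, not GitLab's own matcher.
"""
import re
from fnmatch import fnmatch

# Constructed sample values; PROJECT_DIR is assumed to be services/app.
VARIABLES = {"PROJECT_DIR": "services/app"}
CHANGES = ["$PROJECT_DIR/**/*", "ci/**/*"]
DS_EXCLUDED = "spec,test,tests,tmp,!${PROJECT_DIR},!${PROJECT_DIR}/**"
REPO_FILES = ["services/app/main.py", "services/app/Gemfile.lock",
              "other/app/x.py", "spec/a_spec.rb", "test/b.py", "ci/run.sh"]

def expand_vars(pattern: str, variables: dict) -> str:
    """Substitute $VAR / ${VAR}; an unset variable expands to "", so
    `$PROJECT_DIR/**/*` becomes `/**/*` and matches no repository path."""
    return re.sub(r"\$\{?([A-Za-z_][A-Za-z0-9_]*)\}?",
                  lambda m: variables.get(m.group(1), ""), pattern)

def path_matches(path: str, pattern: str) -> bool:
    # Assumed semantics: a bare name such as `spec` is a directory prefix;
    # `**/` collapses to nothing because fnmatch's `*` already spans "/".
    glob = pattern.replace("**/", "")
    return path == pattern or path.startswith(pattern + "/") or fnmatch(path, glob)

def changes_trigger(changed: list, patterns: list, variables: dict) -> bool:
    """True if any changed file matches any expanded `changes:` glob."""
    pats = [expand_vars(p, variables) for p in patterns]
    return any(path_matches(f, p) for f in changed for p in pats)

def scanned_files(files: list, excluded_csv: str, variables: dict) -> list:
    """Files that survive the exclusion list. Entries starting with "!"
    are kept literally: under plain glob matching they match no real
    path, so they exclude nothing and do not narrow the scan."""
    pats = [expand_vars(p.strip(), variables) for p in excluded_csv.split(",")]
    return [f for f in files if not any(path_matches(f, p) for p in pats)]

if __name__ == "__main__":
    print("docs change triggers:", changes_trigger(["docs/x.md"], CHANGES, VARIABLES))
    print("unexpanded PROJECT_DIR triggers:",
          changes_trigger(["services/app/main.py"], CHANGES, {}))
    print("scanned:", scanned_files(REPO_FILES, DS_EXCLUDED, VARIABLES))
```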