I’m trying to run GitLab’s SAST on a Python project and not let the job pass if there are any findings. All works fine, except that I can’t get allow_failure: true to be respected. I’ve tried adding bandit-sast, individually and all at once, and still it passes with findings. Am I missing anything?

Here’s how I set it up in .gitlab-ci.yml:
include:
  - template: Security/SAST.gitlab-ci.yml

sast:
  allow_failure: false
  artifacts:
    paths:
      - gl-sast-report.json

.sast-analyzer:
  allow_failure: false

bandit-sast:
  allow_failure: false
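A job-side check that turns findings into a failing exit status, as an added example that is not part of the original post: it reads gl-sast-report.json (the artifact the YAML above keeps) and exits non-zero when any finding is at or above a chosen severity. It assumes the report carries a top-level `vulnerabilities` list whose entries have a `severity` field, and a constructed sample report stands in for a real one.

```python
import json
import sys
from collections import Counter

# Severity names used in GitLab's SAST report schema, most severe first.
# Anything not in this list is treated as "Unknown".
SEVERITY_ORDER = ["Critical", "High", "Medium", "Low", "Info", "Unknown"]


def findings_at_or_above(report, threshold="Low"):
    """Return the vulnerabilities whose severity is at least `threshold`."""
    rank = {name: i for i, name in enumerate(SEVERITY_ORDER)}
    limit = rank[threshold]
    return [
        v for v in report.get("vulnerabilities", [])
        if rank.get(v.get("severity", "Unknown"), rank["Unknown"]) <= limit
    ]


def gate(report, threshold="Low"):
    """Return (exit_code, per-severity counts); exit_code is 1 when the gate fails."""
    hits = findings_at_or_above(report, threshold)
    counts = Counter(v.get("severity", "Unknown") for v in hits)
    return (1 if hits else 0), dict(counts)


# Constructed sample report, trimmed to the fields this script reads.
SAMPLE_REPORT = {
    "version": "15.0.0",
    "vulnerabilities": [
        {"id": "1", "severity": "High", "name": "hardcoded password",
         "location": {"file": "app/settings.py", "start_line": 12}},
        {"id": "2", "severity": "Low", "name": "assert used",
         "location": {"file": "app/util.py", "start_line": 40}},
    ],
}


def main(argv):
    # Usage: sast_gate.py [report-path] [minimum-severity]
    path = argv[1] if len(argv) > 1 else "gl-sast-report.json"
    threshold = argv[2] if len(argv) > 2 else "Low"
    with open(path) as fh:
        report = json.load(fh)
    code, counts = gate(report, threshold)
    for v in findings_at_or_above(report, threshold):
        loc = v.get("location", {})
        print(f"{v.get('severity')}: {v.get('name')} at "
              f"{loc.get('file')}:{loc.get('start_line')}")
    print(f"findings at or above {threshold}: {counts}")
    return code  # non-zero exit fails the CI job


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Run it from a separate job that declares `needs` on the SAST job so the report artifact is available; that job, not the analyzer job, is the one that fails the pipeline.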