Hi Team,
I am using GitLab SAST. The rule condition check is not working. Currently GitLab SAST is running for all branches even though I added a condition check.
Sample Code:

```yaml
include:
  - template: Security/SAST.gitlab-ci.yml

sast:
  stage: app security scan
  when: manual
  image: gitlab/gitlab-runner:latest
  tags:
    - edms-docker-sast
  script:
    - echo "Running SAST for branch $CI_COMMIT_BRANCH"
  allow_failure: true
  rules:
    - if: '$CI_COMMIT_BRANCH =="main"'
      when: always
    - when: never
```
I tried both $CI_COMMIT_BRANCH and $CI_COMMIT_REF_NAME in the rules condition check, but it is not working properly. The GitLab SAST feature is running for all branches even though I added a condition check. My requirement is that it should run only on specified branches.

One more issue: `allow_failure: true/false`. Both values are not impacting my pipeline flow, even though my project scan generates the gl-sast-report.json file. My other requirement is that if the gl-sast-report.json file shows vulnerable code was found, the current pipeline stage should be blocked and the other stages should not be processed.
GitLab SAST version details:
gitlab-runner 17.5.3 (12030cf4)
GitLab Semgrep analyzer v5.25.0
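Both requirements in the post depend on the override targeting the analyzer job rather than the `sast` placeholder that the template defines, and on a separate job with `allow_failure: false` doing the blocking. The gate script below is an added example, not code from the original post or from GitLab; the job name `sast-gate`, the file name `sast_gate.py`, the severity threshold and the sample report are assumptions.

```python
import json
import sys

# Assumed CI wiring (hypothetical job/file names): in the SAST template `sast` is
# only a placeholder, so the rules go on the analyzer job, and a second job with
# allow_failure: false runs this script against the report artifact:
#   semgrep-sast:
#     rules: [{if: '$CI_COMMIT_BRANCH == "main"'}, {when: never}]
#   sast-gate:
#     stage: test
#     needs: [semgrep-sast]
#     allow_failure: false
#     rules: [{if: '$CI_COMMIT_BRANCH == "main"'}]
#     script: [python3 sast_gate.py gl-sast-report.json High]

# Severity levels used by the GitLab security report schema, lowest first.
SEVERITY_RANK = {"Info": 0, "Unknown": 1, "Low": 2, "Medium": 3, "High": 4, "Critical": 5}

# Constructed sample in the gl-sast-report.json shape (not a real scan result).
SAMPLE_REPORT = {"version": "15.0.0", "vulnerabilities": [
    {"name": "Hard-coded credential", "severity": "High",
     "location": {"file": "app/settings.py", "start_line": 12}},
    {"name": "Debug mode enabled", "severity": "Low",
     "location": {"file": "app/config.py", "start_line": 3}},
]}


def blocking_findings(report: dict, min_severity: str = "High") -> list:
    """Return the vulnerabilities at or above min_severity (case-insensitive)."""
    threshold = SEVERITY_RANK[min_severity.capitalize()]
    return [v for v in report.get("vulnerabilities", [])
            if SEVERITY_RANK.get(str(v.get("severity", "Unknown")).capitalize(), 1)
            >= threshold]


def gate(report_path: str, min_severity: str = "High") -> int:
    """Exit code for the CI job: 0 when clean, 1 when blocking findings exist."""
    with open(report_path, encoding="utf-8") as fh:
        report = json.load(fh)
    found = blocking_findings(report, min_severity)
    for v in found:
        loc = v.get("location", {})
        print(f"{v.get('severity')}: {v.get('name')} ({loc.get('file')}:{loc.get('start_line')})")
    print(f"{len(found)} finding(s) at or above {min_severity}")
    return 1 if found else 0  # non-zero exit fails the job and blocks later stages


if __name__ == "__main__":
    report_file = sys.argv[1] if len(sys.argv) > 1 else "gl-sast-report.json"
    sys.exit(gate(report_file, sys.argv[2] if len(sys.argv) > 2 else "High"))
```

Because the gate job is not `allow_failure: true`, a non-zero exit stops the pipeline before any later stage runs, which the analyzer job itself never does.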