[SOLVED]Override "before_script" and "tags" using include template (SAST / Secret Detection)

Hello,

I am trying to include the default gitlab templates for SAST and secret detection into my .gitlab-ci.yml using include template as stated in the documentation (like here). Unfortunately my pipeline definition already contains a before_script section under default which logs into docker registry. Is there any possibility to tell the include to use an empty before_script or to add some tags (in order to assgin shared runners using tags)?

Any feedback or ideas are welcome.

Best regards Jörg

Hi,
you can override job definitions from template.

include:
  - template: Security/SAST.gitlab-ci.yml

# override eslint-sast job from SAST template
eslint-sast:
  tags:
    - my_tag_123
  before_script:
    - echo "before script"

if you need to see how are the jobs defined, templates are available here lib/gitlab/ci/templates · master · GitLab.org / GitLab · GitLab

1 Like

Thanks for the reply - could even add .secret-analyzer and sast have it configured for all possible analyzers at once.

Yes you can, my code was just an example. Don’t forget to check from time to time for any changes to the SAST template that may require some changes in your overrides.