Propagate excluded paths to SAST & DS jobs

Propagate DS_EXCLUDED_PATHS to dependency_scanning job, and SAST_EXCLUDED_PATHS and SAST_BANDIT_EXCLUDED_PATHS to sast job. This makes possible to excluded certains paths from SAST reports and Dependency Scanning reports, respectively.
2019-05-03 09:03:44 +00:00 · 2019-05-03 09:03:44 +00:00 · 447c40d58d
commit 447c40d58d
parent 6daf4d352e
2 changed files with 3 additions and 0 deletions
--- a/lib/gitlab/ci/templates/Security/Dependency-Scanning.gitlab-ci.yml
+++ b/lib/gitlab/ci/templates/Security/Dependency-Scanning.gitlab-ci.yml
@ -35,6 +35,7 @@ dependency_scanning:
          DS_ANALYZER_IMAGE_PREFIX \
          DS_ANALYZER_IMAGE_TAG \
          DS_DEFAULT_ANALYZERS \
+          DS_EXCLUDED_PATHS \
          DEP_SCAN_DISABLE_REMOTE_CHECKS \
          DS_DOCKER_CLIENT_NEGOTIATION_TIMEOUT \
          DS_PULL_ANALYZER_IMAGE_TIMEOUT \
--- a/lib/gitlab/ci/templates/Security/SAST.gitlab-ci.yml
+++ b/lib/gitlab/ci/templates/Security/SAST.gitlab-ci.yml
@ -35,6 +35,8 @@ sast:
          SAST_ANALYZER_IMAGE_PREFIX \
          SAST_ANALYZER_IMAGE_TAG \
          SAST_DEFAULT_ANALYZERS \
+          SAST_EXCLUDED_PATHS \
+          SAST_BANDIT_EXCLUDED_PATHS \
          SAST_BRAKEMAN_LEVEL \
          SAST_GOSEC_LEVEL \
          SAST_FLAWFINDER_LEVEL \