README.md
SAST (Static Application Security Testing) Demo Project

What is this?

A composite project for testing GitLab SAST functionality.

This project has a small amount of code for several supported languages and frameworks to trigger a variety of SAST scanners and output detected "vulnerabilities".

This project can be used to demo SAST functionality and expected results, or it can act as the sand in a sandbox for testing SAST and CI job modifications.

Usage

1. Import this project to your SaaS namespace or self-managed instance.
2. Trigger a pipeline.
3. 🎉

Troubleshooting Tips

• If the SAST job is failing and it's unclear why, enable debug logging:

  variables:
    SECURE_LOG_LEVEL: "debug"
• If customizations were made to the SAST jobs, run a pipeline using the bare-minimum SAST defaults to verify that the customizations are not causing or contributing to the problem:

  include:
    - template: Security/SAST.gitlab-ci.yml
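Both tips combined into one complete `.gitlab-ci.yml` for a troubleshooting run. This is an added example, not a file from this project: it keeps only the stock SAST template (no customizations) and turns on debug logging for the analyzer jobs; `stages` is declared explicitly on the assumption that nothing else in the pipeline defines it.

```yaml
# Bare-minimum SAST pipeline for isolating a failing job (added example).
# Nothing here overrides the template, so any failure that remains is not
# caused by local customizations.
stages:
  - test          # the template's analyzer jobs run in the "test" stage

include:
  - template: Security/SAST.gitlab-ci.yml

variables:
  # Raise analyzer verbosity so the job log explains why a scanner
  # skipped, errored or produced no findings. Accepted values range
  # from "fatal" to "debug"; drop this back to the default once the
  # problem is understood, as debug logs are large.
  SECURE_LOG_LEVEL: "debug"
```

Once the stock run passes, re-introduce customizations one at a time so the first change that breaks the pipeline is obvious.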

Resources

Contributing

This project is licensed under the MIT license and is accepting contributions.

If you have a proposed improvement, create an issue. Or better yet, make the improvement yourself and submit a merge request!