From 3e52451e13f8077c64c13e574d36c7586baf09fb Mon Sep 17 00:00:00 2001
From: Dmitriy Safronov <zimniy@cyberbrain.pw>
Date: Tue, 20 Feb 2024 10:32:04 +0400
Subject: [PATCH] semgrep-sast

Signed-off-by: Dmitriy Safronov <zimniy@cyberbrain.pw>
---
 Release-Latest.gitlab-ci.yml | 21 +++++++++++++++++++++
 1 file changed, 21 insertions(+)

diff --git a/Release-Latest.gitlab-ci.yml b/Release-Latest.gitlab-ci.yml
index 9d1e3de..76b0e04 100644
--- a/Release-Latest.gitlab-ci.yml
+++ b/Release-Latest.gitlab-ci.yml
@@ -30,3 +30,24 @@ secret_detection:
     - if: '$SECRET_DETECTION_DISABLED'
       when: never
     - if: '$CI_COMMIT_BRANCH != $CI_DEFAULT_BRANCH'
+
+semgrep-sast:
+  rules:
+    - if: $SAST_DISABLED == 'true' || $SAST_DISABLED == '1'
+      when: never
+    - if: $SAST_EXCLUDED_ANALYZERS =~ /semgrep/
+      when: never
+    - if: $CI_COMMIT_BRANCH != $CI_DEFAULT_BRANCH
+      exists:
+        - '**/*.py'
+        - '**/*.js'
+        - '**/*.jsx'
+        - '**/*.ts'
+        - '**/*.tsx'
+        - '**/*.c'
+        - '**/*.go'
+        - '**/*.java'
+        - '**/*.cs'
+        - '**/*.html'
+        - '**/*.scala'
+        - '**/*.sc'
-- 
GitLab