author | mac-key <juliuskvedaras@yahoo.ie> | 2019-07-31 12:28:45 +0100 |
---|---|---|
committer | mac-key <juliuskvedaras@yahoo.ie> | 2019-07-31 12:28:45 +0100 |
commit | 6970f6e236827faebfbdbb94cd75ea3599ad2c2a (patch) | |
tree | 5884ae501d87d5b9855556bb05c28043e9d2cd1f | |
parent | 533237a097281dbe4fb1c821d5823c4de8c8f6af (diff) | |
download | gitlab-ce-docs-update-sast-default-analyzer-list.tar.gz |
Add SAST default analyzer strings and add missing SAST analyzer from the docs [docs-update-sast-default-analyzer-list]
-rw-r--r-- | doc/user/application_security/sast/analyzers.md | 17 |
1 files changed, 17 insertions, 0 deletions
diff --git a/doc/user/application_security/sast/analyzers.md b/doc/user/application_security/sast/analyzers.md index 59835aeba01..9eb74826139 100644 --- a/doc/user/application_security/sast/analyzers.md +++ b/doc/user/application_security/sast/analyzers.md @@ -29,6 +29,23 @@ SAST supports the following official analyzers: - [Security Code Scan (.NET)](https://gitlab.com/gitlab-org/security-products/analyzers/security-code-scan) - [TSLint (Typescript)](https://gitlab.com/gitlab-org/security-products/analyzers/tslint) - [Sobelow (Elixir Phoenix)](https://gitlab.com/gitlab-org/security-products/analyzers/sobelow) +- [PMD Apex](https://gitlab.com/gitlab-org/security-products/analyzers/pmd-apex) + +In order to use these analyzers please use the below values for the `SAST_DEFAULT_ANALYZERS` keyword: + +- Bandit: `bandit` +- Brakeman: `brakeman` +- ESLint (Javascript): `eslint` +- SpotBugs with the Find Sec Bugs plugin (Ant, Gradle and wrapper, Grails, Maven and wrapper, SBT): `spotbugs` +- Flawfinder: `flawfinder` +- Gosec: `gosec` +- NodeJsScan: `nodejs-scan` +- PHP CS security-audit: `phpcs-security-audit` +- Secrets (Gitleaks, TruffleHog & Diffence secret detectors): `secrets` +- Security Code Scan (.NET): `security-code-scan` +- TSLint (Typescript): `tslint` +- Sobelow (Elixir Phoenix): `sobelow` +- PMD Apex (Apex projects): `pmd-apex` The analyzers are published as Docker images that SAST will use to launch dedicated containers for each analysis. |
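Review bot: The added sentence introducing the `SAST_DEFAULT_ANALYZERS` values does not say how the values are meant to be supplied: whether several can be listed together, with what separator, and where the setting goes. A reader who wants to restrict scanning to a subset of analyzers cannot tell from this hunk how to do that, so add one sentence with the expected format. The new value list also repeats every analyzer name from the link list directly above it, which leaves two lists to keep in sync; the labels already differ, since the link entry reads "PMD Apex" and the value entry reads "PMD Apex (Apex projects)". Consider putting the identifier next to each link entry, or using one table with name, link and value columns, so that an analyzer added later cannot appear in one list and be missing from the other. Minor wording: "In order to use these analyzers please use the below values" can be shortened to "To use these analyzers, set `SAST_DEFAULT_ANALYZERS` to the values below".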