summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--changelogs/unreleased/10842-add-missing-environments-variable-to-the-sast-analyzer-docker-container.yml5
-rw-r--r--lib/gitlab/ci/templates/Security/SAST.gitlab-ci.yml16
2 files changed, 18 insertions, 3 deletions
diff --git a/changelogs/unreleased/10842-add-missing-environments-variable-to-the-sast-analyzer-docker-container.yml b/changelogs/unreleased/10842-add-missing-environments-variable-to-the-sast-analyzer-docker-container.yml
new file mode 100644
index 00000000000..bce5781afec
--- /dev/null
+++ b/changelogs/unreleased/10842-add-missing-environments-variable-to-the-sast-analyzer-docker-container.yml
@@ -0,0 +1,5 @@
+---
+title: 'Fix: propagate all documented ENV vars to CI when using SAST'
+merge_request: 10842
+author:
+type: fixed
diff --git a/lib/gitlab/ci/templates/Security/SAST.gitlab-ci.yml b/lib/gitlab/ci/templates/Security/SAST.gitlab-ci.yml
index abf16e5b2e7..8713b833011 100644
--- a/lib/gitlab/ci/templates/Security/SAST.gitlab-ci.yml
+++ b/lib/gitlab/ci/templates/Security/SAST.gitlab-ci.yml
@@ -31,19 +31,29 @@ sast:
- |
docker run \
$(propagate_env_vars \
+ SAST_BANDIT_EXCLUDED_PATHS \
SAST_ANALYZER_IMAGES \
SAST_ANALYZER_IMAGE_PREFIX \
SAST_ANALYZER_IMAGE_TAG \
SAST_DEFAULT_ANALYZERS \
- SAST_EXCLUDED_PATHS \
- SAST_BANDIT_EXCLUDED_PATHS \
+ SAST_PULL_ANALYZER_IMAGES \
SAST_BRAKEMAN_LEVEL \
- SAST_GOSEC_LEVEL \
SAST_FLAWFINDER_LEVEL \
SAST_GITLEAKS_ENTROPY_LEVEL \
+ SAST_GOSEC_LEVEL \
+ SAST_EXCLUDED_PATHS \
SAST_DOCKER_CLIENT_NEGOTIATION_TIMEOUT \
SAST_PULL_ANALYZER_IMAGE_TIMEOUT \
SAST_RUN_ANALYZER_TIMEOUT \
+ ANT_HOME \
+ ANT_PATH \
+ GRADLE_PATH \
+ JAVA_OPTS \
+ JAVA_PATH \
+ MAVEN_CLI_OPTS \
+ MAVEN_PATH \
+ MAVEN_REPO_PATH \
+ SBT_PATH \
) \
--volume "$PWD:/code" \
--volume /var/run/docker.sock:/var/run/docker.sock \