From 3b79a871e2f4f6758e1a694979a0e381385c6c1e Mon Sep 17 00:00:00 2001
From: Dmytro Bogatov <dmytro@dbogatov.org>
Date: Sat, 1 Dec 2018 15:55:46 -0500
Subject: [PATCH] Add sast.

---
 .gitlab-ci.yml | 20 +++++++-------------
 1 file changed, 7 insertions(+), 13 deletions(-)

diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index cf7ef5f..91de1c7 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -13,6 +13,8 @@ variables:
 include:
 - 'https://git.dbogatov.org/templates/ci-snippets/raw/master/simple-website/before-script.yml'
 
+# - 'https://git.dbogatov.org/templates/ci-snippets/raw/master/code-quality.yml'
+
 - 'https://git.dbogatov.org/templates/ci-snippets/raw/master/simple-website/tidy.yml'
 - 'https://git.dbogatov.org/templates/ci-snippets/raw/master/simple-website/blc.yml'
 
@@ -23,24 +25,16 @@ include:
 - 'https://git.dbogatov.org/templates/ci-snippets/raw/master/simple-website/dockerify.yml'
 - 'https://git.dbogatov.org/templates/ci-snippets/raw/master/simple-website/pages.yml'
 
-code-quality:
-  stage: test
-  # image: docker:stable
-  # variables:
-  #   DOCKER_DRIVER: overlay2
+sast:
   allow_failure: true
-  # services:
-  #   - docker:stable-dind
   script:
     - export SP_VERSION=$(echo "$CI_SERVER_VERSION" | sed 's/^\([0-9]*\)\.\([0-9]*\).*/\1-\2-stable/')
     - |
       docker run \
-        --env SOURCE_CODE="$PWD" \
-        --volume "$PWD":/code \
+        --env SAST_CONFIDENCE_LEVEL="${SAST_CONFIDENCE_LEVEL:-3}" \
+        --volume "$PWD:/code" \
         --volume /var/run/docker.sock:/var/run/docker.sock \
-        "registry.gitlab.com/gitlab-org/security-products/codequality:$SP_VERSION" /code
+        "registry.gitlab.com/gitlab-org/security-products/sast:$SP_VERSION" /app/bin/run /code
   artifacts:
     reports:
-      codequality: gl-code-quality-report.json
-  tags:
-  - shell
+      sast: gl-sast-report.json
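Review bot: The new `sast` job drops the `tags:` / `- shell` restriction but still runs `docker run` with `/var/run/docker.sock` mounted, so it may be picked up by any runner that accepts untagged jobs. On a runner without a Docker CLI and socket the script fails, and because `allow_failure: true` is kept, the pipeline stays green with no `gl-sast-report.json` produced. If the scan is meant to run on the shell runner, keep `tags:` with `- shell` on this job. The socket mount also gives the scanner image control of the host's Docker daemon, and `sast:$SP_VERSION` resolves to a mutable `X-Y-stable` tag. Consider pinning the image by digest (`sast@sha256:<digest>`) and adding a comment above the `docker run` saying why the socket is required.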
-- 
GitLab