From 8412ab137ac2f541295ebca21a5c70dea785af51 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?J=C3=B8rgen=20Lind?=
Date: Tue, 1 Mar 2022 10:15:48 +0000
Subject: [PATCH] Revert to default sast
---
.gitlab-ci.yml | 21 ++++++++-------------
1 file changed, 8 insertions(+), 13 deletions(-)
diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index 2bbe3b5f..bdd195a2 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -6,7 +6,6 @@ stages: variables: SHA_IMAGE_TAG: "$CI_REGISTRY_IMAGE/$CI_COMMIT_REF_SLUG:$CI_COMMIT_SHA" CMAKE_OPTIONS: "-GNinja" - SAST_DISABLED: "true" cache: paths: - ccache
@@ -105,17 +104,13 @@ pages: - public only: - master - include: - - template: Security/SAST.gitlab-ci.yml - -flawfinder-sast: +- template: Security/SAST.gitlab-ci.yml +sast: + variables: + SAST_EXCLUDED_PATHS: _skbuild, 3rdparty, binpackage, CMake, common, docker, docs, + examples, java, out, python, tests + SAST_EXCLUDED_ANALYZERS: bandit, brakeman, eslint, gosec, kubesec, nodejs-scan, + phpcs-security-audit, pmd-apex, security-code-scan, semgrep, sobelow, spotbugs + SAST_FLAWFINDER_LEVEL: '4' stage: test - rules: - - if: $CI_COMMIT_BRANCH - exists: - - '**/*.c' - - '**/*.cpp' - - '**/*.h' - script: - - flawfinder src
-- GitLab
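Review bot: In the second hunk (`@@ -105,17 +104,13 @@`), `SAST_FLAWFINDER_LEVEL: '4'` makes the template's Flawfinder job discard every finding below risk level 4, while the removed job invoked `flawfinder src` with no level option, so the replacement likely reports less for `src` than the job it retires. `SAST_EXCLUDED_PATHS` additionally filters out results under `3rdparty`, `common`, `java` and `python`, which look like vendored and language-binding code. Neither choice is explained in the commit, so I would put the reason beside the settings, e.g. `# Flawfinder level 4+ only; lower levels judged too noisy, revisit after triage`, or start at `SAST_FLAWFINDER_LEVEL: '2'` and raise it once the backlog is triaged. Indentation is lost in this view, so I am assuming the new keys nest under `sast: variables:`.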