diff --git a/ee/spec/lib/gitlab/ci/templates/sast_gitlab_ci_yaml_spec.rb b/ee/spec/lib/gitlab/ci/templates/sast_gitlab_ci_yaml_spec.rb
index 47bad32c1572eb8e146b7fb58fd66a5e2760dc7a..3e7d89f16272d4809a6e005f71a60a960177f5ec 100644
--- a/ee/spec/lib/gitlab/ci/templates/sast_gitlab_ci_yaml_spec.rb
+++ b/ee/spec/lib/gitlab/ci/templates/sast_gitlab_ci_yaml_spec.rb
@@ -63,6 +63,7 @@
 'Golang' | { 'main.go' => '' } | {} | %w[semgrep-sast]
 'Groovy' | { 'app.groovy' => '' } | {} | %w[spotbugs-sast]
 'Java' | { 'app.java' => '' } | {} | %w[semgrep-sast]
+ 'Java properties' | { 'app.properties' => '' } | {} | %w[semgrep-sast]
 'Javascript' | { 'app.js' => '' } | {} | %w[semgrep-sast]
 'JSX' | { 'app.jsx' => '' } | {} | %w[semgrep-sast]
 'Kotlin' | { 'app.kt' => '' } | {} | %w[semgrep-sast]
diff --git a/ee/spec/lib/gitlab/ci/templates/sast_latest_gitlab_ci_yaml_spec.rb b/ee/spec/lib/gitlab/ci/templates/sast_latest_gitlab_ci_yaml_spec.rb
index b6cba02ce6f0b89421fa0824f128c1141902b794..61615a17d1c75e6867d8ee97c500514305c2b535 100644
--- a/ee/spec/lib/gitlab/ci/templates/sast_latest_gitlab_ci_yaml_spec.rb
+++ b/ee/spec/lib/gitlab/ci/templates/sast_latest_gitlab_ci_yaml_spec.rb
@@ -97,6 +97,7 @@
 'Golang' | { 'main.go' => '' } | {} | %w[semgrep-sast]
 'Groovy' | { 'app.groovy' => '' } | {} | %w[spotbugs-sast]
 'Java' | { 'app.java' => '' } | {} | %w[semgrep-sast]
+ 'Java properties' | { 'app.properties' => '' } | {} | %w[semgrep-sast]
 'Javascript' | { 'app.js' => '' } | {} | %w[semgrep-sast]
 'JSX' | { 'app.jsx' => '' } | {} | %w[semgrep-sast]
 'Kotlin' | { 'app.kt' => '' } | {} | %w[semgrep-sast]
diff --git a/lib/gitlab/ci/templates/Jobs/SAST.gitlab-ci.yml b/lib/gitlab/ci/templates/Jobs/SAST.gitlab-ci.yml
index d7cdb332a6197cdb00c908ea3300940d520e9782..5471cfdf194d41e5d1b9befa368264e64d457262 100644
--- a/lib/gitlab/ci/templates/Jobs/SAST.gitlab-ci.yml
+++ b/lib/gitlab/ci/templates/Jobs/SAST.gitlab-ci.yml
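Review bot: The table in `sast_gitlab_ci_yaml_spec.rb` (and the matching hunk at line 97 of `sast_latest_gitlab_ci_yaml_spec.rb`) gains a row only for `app.properties`, while the template hunks in this commit add eight further globs such as `**/application*.yml` and `**/bootstrap*.yaml` that no row exercises. A typo in one of those patterns would leave configuration files unscanned without any spec failing. I would add at least one row per YAML prefix, for example `'Spring YAML config' | { 'application.yml' => '' } | {} | %w[semgrep-sast]`, and, if the table has a way to express it, a case showing that an unrelated YAML file alone does not start `semgrep-sast`. The table header and the rest of its rows are outside both hunks, so the exact column meaning should be checked against them.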
@@ -197,6 +197,15 @@ semgrep-sast: - '**/*.swift' - '**/*.m' - '**/*.kt' + - '**/*.properties' + - '**/application*.yml' + - '**/management*.yml' + - '**/actuator*.yml' + - '**/bootstrap*.yml' + - '**/application*.yaml' + - '**/management*.yaml' + - '**/actuator*.yaml' + - '**/bootstrap*.yaml' ## In case gitlab-advanced-sast already covers all the files that semgrep-sast would have scanned - if: $CI_COMMIT_BRANCH && $GITLAB_FEATURES =~ /\bsast_advanced\b/ && @@ -230,6 +239,15 @@ semgrep-sast: - '**/*.m' - '**/*.rb' - '**/*.kt' + - '**/*.properties' + - '**/application*.yml' + - '**/management*.yml' + - '**/actuator*.yml' + - '**/bootstrap*.yml' + - '**/application*.yaml' + - '**/management*.yaml' + - '**/actuator*.yaml' + - '**/bootstrap*.yaml' sobelow-sast: extends: .sast-analyzer diff --git a/lib/gitlab/ci/templates/Jobs/SAST.latest.gitlab-ci.yml b/lib/gitlab/ci/templates/Jobs/SAST.latest.gitlab-ci.yml index 8c426e1ea71c59e013b1cc2f54c641c6208fdf7b..9838ce62cb1687239bf410b4703096db2055606f 100644 --- a/lib/gitlab/ci/templates/Jobs/SAST.latest.gitlab-ci.yml +++ b/lib/gitlab/ci/templates/Jobs/SAST.latest.gitlab-ci.yml @@ -250,6 +250,15 @@ semgrep-sast: - '**/*.swift' - '**/*.m' - '**/*.kt' + - '**/*.properties' + - '**/application*.yml' + - '**/management*.yml' + - '**/actuator*.yml' + - '**/bootstrap*.yml' + - '**/application*.yaml' + - '**/management*.yaml' + - '**/actuator*.yaml' + - '**/bootstrap*.yaml' ## In case gitlab-advanced-sast already covers all the files that semgrep-sast would have scanned - if: $CI_PIPELINE_SOURCE == "merge_request_event" && $GITLAB_FEATURES =~ /\bsast_advanced\b/ && 
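Review bot: The first added pattern, `'**/*.properties'`, is much broader than the eight name-prefixed YAML globs that follow it: any properties file anywhere in the tree (build-tool settings, localisation bundles) will now start `semgrep-sast`, even in a repository with no other file the job scans. If that breadth is intended, a comment above the new entries would record it, e.g. `# Spring Boot configuration: every .properties file, plus application/management/actuator/bootstrap YAML`; the Spring reading is inferred from the file names and should be confirmed. Each extra glob also adds to the checks GitLab performs for file-existence rules, and as far as I recall the documentation describes a cap after which patterned rules match unconditionally, so the effect on very large repositories is worth a check. The same nine lines recur in the second hunk of this file and in all hunks of `SAST.latest.gitlab-ci.yml`; the lists themselves start outside the hunks.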
@@ -283,6 +292,15 @@ semgrep-sast: - '**/*.m' - '**/*.rb' - '**/*.kt' + - '**/*.properties' + - '**/application*.yml' + - '**/management*.yml' + - '**/actuator*.yml' + - '**/bootstrap*.yml' + - '**/application*.yaml' + - '**/management*.yaml' + - '**/actuator*.yaml' + - '**/bootstrap*.yaml' - if: $CI_OPEN_MERGE_REQUESTS # Don't add it to a *branch* pipeline if it's already in a merge request pipeline. when: never # If there's no open merge request, add it to a *branch* pipeline instead. @@ -308,6 +326,15 @@ semgrep-sast: - '**/*.swift' - '**/*.m' - '**/*.kt' + - '**/*.properties' + - '**/application*.yml' + - '**/management*.yml' + - '**/actuator*.yml' + - '**/bootstrap*.yml' + - '**/application*.yaml' + - '**/management*.yaml' + - '**/actuator*.yaml' + - '**/bootstrap*.yaml' ## In case gitlab-advanced-sast already covers all the files that semgrep-sast would have scanned - if: $CI_COMMIT_BRANCH && $GITLAB_FEATURES =~ /\bsast_advanced\b/ && @@ -341,6 +368,15 @@ semgrep-sast: - '**/*.m' - '**/*.rb' - '**/*.kt' + - '**/*.properties' + - '**/application*.yml' + - '**/management*.yml' + - '**/actuator*.yml' + - '**/bootstrap*.yml' + - '**/application*.yaml' + - '**/management*.yaml' + - '**/actuator*.yaml' + - '**/bootstrap*.yaml' sobelow-sast: extends: .sast-analyzer
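Review bot: The same nine-line block is pasted into six separate lists, two in `SAST.gitlab-ci.yml` and four in `SAST.latest.gitlab-ci.yml`, and nothing ties the copies together. If a later edit touches only some of them, merge-request and branch pipelines will disagree about when `semgrep-sast` runs, and a configuration file could go unscanned on one path only. Since the surrounding lists already follow this copy-per-rule style, I would keep the entries in identical order and head each block with `# Keep in sync with every semgrep-sast file list in SAST.gitlab-ci.yml and SAST.latest.gitlab-ci.yml`. The rule entries these lists belong to begin above each hunk, so whether every copy sits under the same kind of condition cannot be confirmed from here.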