Commit 6b18f416, authored by Lorena Ciutacu

Merge branch 'rd/sast-remove-unwanted-content' into 'master'

Remove outdated content from the SAST docs page

See merge request https://gitlab.com/gitlab-org/gitlab/-/merge_requests/127571



Merged-by: Lorena Ciutacu <lciutacu@gitlab.com>
Approved-by: Lorena Ciutacu <lciutacu@gitlab.com>
Co-authored-by: Russell Dickenson <rdickenson@gitlab.com>
...@@ -6,8 +6,6 @@ info: To determine the technical writer assigned to the Stage/Group associated w ...@@ -6,8 +6,6 @@ info: To determine the technical writer assigned to the Stage/Group associated w
# Static Application Security Testing (SAST) **(FREE)** # Static Application Security Testing (SAST) **(FREE)**
> All open source (OSS) analyzers were moved from GitLab Ultimate to GitLab Free in GitLab 13.3.
NOTE: NOTE:
The whitepaper ["A Seismic Shift in Application Security"](https://about.gitlab.com/resources/whitepaper-seismic-shift-application-security/) The whitepaper ["A Seismic Shift in Application Security"](https://about.gitlab.com/resources/whitepaper-seismic-shift-application-security/)
explains how 4 of the top 6 attacks were application based. Download it to learn how to protect your explains how 4 of the top 6 attacks were application based. Download it to learn how to protect your
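Review bot: the whitepaper NOTE kept as context directly below the removed history line ("Download it to learn how to protect your ...") is promotional rather than reference material, so if this cleanup targets outdated content it is worth deciding in the same change whether that block should stay. The removed line was also the only statement visible here of when the OSS analyzers moved to Free (13.3); the **(FREE)** badge in the title still states the current tier, so only the history is lost, which is fine if that is the intent.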
...@@ -27,31 +25,11 @@ For more details, see the [Summary of features per tier](#summary-of-features-pe ...@@ -27,31 +25,11 @@ For more details, see the [Summary of features per tier](#summary-of-features-pe
![SAST results shown in the MR widget](img/sast_results_in_mr_v14_0.png) ![SAST results shown in the MR widget](img/sast_results_in_mr_v14_0.png)
The results are sorted by the priority of the vulnerability:
<!-- vale gitlab.SubstitutionWarning = NO -->
1. Critical
1. High
1. Medium
1. Low
1. Info
1. Unknown
<!-- vale gitlab.SubstitutionWarning = YES -->
A pipeline consists of multiple jobs, including SAST and DAST scanning. If any job fails to finish A pipeline consists of multiple jobs, including SAST and DAST scanning. If any job fails to finish
for any reason, the security dashboard does not show SAST scanner output. For example, if the SAST for any reason, the security dashboard does not show SAST scanner output. For example, if the SAST
job finishes but the DAST job fails, the security dashboard does not show SAST results. On failure, job finishes but the DAST job fails, the security dashboard does not show SAST results. On failure,
the analyzer outputs an [exit code](../../../development/integrations/secure.md#exit-code). the analyzer outputs an [exit code](../../../development/integrations/secure.md#exit-code).
## Use cases
- Your code has a potentially dangerous attribute in a class, or unsafe code
that can lead to unintended code execution.
- Your application is vulnerable to cross-site scripting (XSS) attacks that can
be leveraged to unauthorized access to session data.
## Requirements ## Requirements
SAST runs in the `test` stage, which is available by default. If you redefine the stages in the `.gitlab-ci.yml` file, the `test` stage is required. SAST runs in the `test` stage, which is available by default. If you redefine the stages in the `.gitlab-ci.yml` file, the `test` stage is required.
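Review bot: removing the `## Use cases` heading also removes its anchor, so any inbound link to `#use-cases` on this page would break; check for such links before merging. The deleted severity list (Critical through Unknown) was the only text in this hunk explaining how results in the MR widget are ordered, and the screenshot now runs straight into the pipeline paragraph; if that ordering is documented elsewhere, a one-line link after the image would preserve it.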
......