Improve GitLab Advanced SAST customizable detection logic docs
Problem to solve
Make it clear to users, in our user docs, how to use customizable detection logic for GitLab Advanced SAST.
Proposal
- Replace the following text in the body of the Customize Rulesets section:
You can customize the behavior of our SAST analyzers by defining a ruleset configuration file in the repository being scanned. There are two kinds of customization:
- Modifying the behavior of predefined rules. This includes:
  - Disabling predefined rules. Available for all analyzers.
  - Overriding metadata of predefined rules. Available for all analyzers.
- Replacing predefined rules by building a custom configuration using passthroughs. Available only for the Semgrep-based analyzer.
GitLab Advanced SAST supports modifying the behavior of predefined non-taint, structural rules and the application of file and raw passthroughs. Other passthrough types are ignored.
with:
You can customize the behavior of our SAST analyzers by defining a ruleset configuration file in the repository being scanned.
Customization Options by Analyzer
| Customization | GitLab Advanced SAST | Semgrep-based Analyzer | Other Analyzers |
|---|---|---|---|
| Disable predefined rules | Yes | Yes | Yes |
| Override metadata of predefined rules | Yes | Yes | Yes |
| Replace predefined rules with custom configurations using passthroughs | Partial: modifies the behavior of predefined non-taint, structural rules and applies `file` and `raw` passthroughs; other passthrough types are ignored | Yes (all passthrough types) | No |
- Clarify, in the Disable predefined GitLab Advanced SAST rules example, that a passthrough can also be used there.
- Add an example of a custom rule for Advanced SAST to the Examples section.
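The table above matters in practice because an unsupported customization is not rejected, it is silently ignored: a `git` or `url` passthrough under `[gitlab-advanced-sast]` simply never takes effect, and a passthrough under an analyzer that supports none does nothing at all. The following lint, added here as an example and not GitLab's own code, checks a ruleset against that support matrix before it is committed. It assumes the documented ruleset layout of one top-level table per analyzer (`[semgrep]`, `[gitlab-advanced-sast]`, ...) with `[[<analyzer>.ruleset]]` entries for disabling or overriding rules and `[[<analyzer>.passthrough]]` entries carrying a `type` field; the set of passthrough type names (`file`, `raw`, `git`, `url`) and the sample ruleset values are assumptions and constructed placeholders, not taken from this page.

```python
"""Lint a SAST ruleset configuration against the per-analyzer support matrix.

Added example, not GitLab code. Assumes the ruleset layout described in the
lead-in; parsing a real `.gitlab/sast-ruleset.toml` needs Python 3.11+ (tomllib),
while the audit itself only needs a plain dict.
"""
from __future__ import annotations

try:
    import tomllib  # standard library on Python 3.11+
except ImportError:  # pragma: no cover
    tomllib = None

ADVANCED_SAST = "gitlab-advanced-sast"
SEMGREP = "semgrep"

# Passthrough type names as documented for the Semgrep-based analyzer (assumption).
KNOWN_PASSTHROUGH_TYPES = {"file", "raw", "git", "url"}

# Support matrix transcribed from the customization table: Advanced SAST applies
# only file and raw passthroughs, Semgrep applies all of them, other analyzers none.
ALLOWED_PASSTHROUGHS: dict[str, set[str]] = {
    ADVANCED_SAST: {"file", "raw"},
    SEMGREP: KNOWN_PASSTHROUGH_TYPES,
}


def audit_ruleset(ruleset: dict) -> list[str]:
    """Return one warning per customization the named analyzer will ignore.

    An empty list means every entry in the ruleset is supported. Disabling and
    metadata overrides are supported by every analyzer, so those entries are only
    checked for a missing identifier, which would make the entry match nothing.
    """
    warnings: list[str] = []
    for analyzer, section in ruleset.items():
        if not isinstance(section, dict):
            continue
        for idx, entry in enumerate(section.get("ruleset", [])):
            if "identifier" not in entry:
                warnings.append(f"{analyzer}.ruleset[{idx}]: missing identifier")
        allowed = ALLOWED_PASSTHROUGHS.get(analyzer, set())
        for idx, passthrough in enumerate(section.get("passthrough", [])):
            ptype = passthrough.get("type")
            if not allowed:
                warnings.append(
                    f"{analyzer}.passthrough[{idx}]: {analyzer} does not apply passthroughs"
                )
            elif ptype not in allowed:
                warnings.append(
                    f"{analyzer}.passthrough[{idx}]: type '{ptype}' is ignored by {analyzer}"
                )
    return warnings


def load_ruleset_toml(text: str) -> dict:
    """Parse ruleset TOML text into the dict shape audit_ruleset expects."""
    if tomllib is None:
        raise RuntimeError("parsing TOML requires Python 3.11+ (tomllib)")
    return tomllib.loads(text)


# Constructed sample: one supported and one ignored passthrough for Advanced SAST,
# a git passthrough for Semgrep (supported), and a passthrough for an analyzer
# that applies none. Rule ids and URLs are placeholders.
SAMPLE_RULESET = {
    ADVANCED_SAST: {
        "ruleset": [
            {"disable": True,
             "identifier": {"type": "semgrep_id", "value": "example-rule-id"}},
        ],
        "passthrough": [
            {"type": "raw", "target": "custom.yml", "value": "rules: []"},
            {"type": "git", "value": "https://example.invalid/rules.git"},
        ],
    },
    SEMGREP: {
        "passthrough": [{"type": "git", "value": "https://example.invalid/rules.git"}],
    },
    "spotbugs": {
        "passthrough": [{"type": "raw", "value": "rules: []"}],
    },
}

if __name__ == "__main__":
    for line in audit_ruleset(SAMPLE_RULESET):
        print("WARNING:", line)
```

Running the sample reports exactly the two entries that would silently do nothing: the `git` passthrough under `gitlab-advanced-sast` and the passthrough under `spotbugs`. Wiring `audit_ruleset(load_ruleset_toml(...))` into a pre-commit hook or a pipeline job turns the "ignored" column of the table into a failing check rather than a surprise at scan time.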
Edited by Ethan Feller