GitLab SAST configuration
if you are using gitlab ci/cd, you can use static application security testing (sast) to check your source code for known vulnerabilities you can run sast analyzers in any gitlab tier the analyzers produce json formatted reports as job artifacts use the following procedure to configure gitlab sast configuring for gitlab sast, recent customers the procedures in this section are valid only for customers onboarded 6 june 2024 or after use the following procedure to configure the for azure pipelines tools must be configured for a specific application in a specific devops phase in step 2 of the following procedure, you are choosing the application and devops phase to associate with gitlab sast as part of the configuration procedure click settings & utilities → application configuration you will see a list of existing applications select the existing application for which you want to configure gitlab sast or create a new application click the overflow menu (vertical ellipsis) on the develop row for the selected application select add new tool configuration from the overflow menu the service displays the add tool configuration form select gitlab sast for tool engine click submit onboarding gitlab sast after configuring gitlab sast, you must onboard it as a technical service use the following procedure click the overflow menu for the selected application select onboard technical service the service displays the onboard technical service form select secure for devops phase the service displays the tool engine field select gitlab sast for tool engine the service displays the select connection field select the appropriate connection the service displays the select organization field select the appropriate organization the service displays the select projects field select the appropriate project the service displays the repository name field select the appropriate repository click onboard the service navigates to the application configuration page you now have the option of clicking the overflow menu for develop and selecting edit/delete tools configuration to confirm that gitlab sast has been fully configured deleting gitlab sast as a technical service the administrator may, at will, delete the gitlab technical service use the following procedure navigate to → settings & utilities → application configuration expand the application to view all associated phases click the overflow menu for develop click delete technical service click gitlab for select tools configured the service displays the select organization field select the appropriate organization the service displays the select projects field select the appropriate project click delete