From aec3387b9a1dff8392d897993a7ac584fc1eb17c Mon Sep 17 00:00:00 2001
From: proletarius101
Date: Sun, 12 Dec 2021 16:58:25 +0000
Subject: [PATCH] add sast

---
 .gitlab-ci.yml | 20 ++++++++++++++++++++
 1 file changed, 20 insertions(+)

diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index e2a584452b..d77cff3f12 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -1,3 +1,5 @@
+include:
+ - template: Security/SAST.gitlab-ci.yml
 variables:
 pip: pip3 --timeout 100 --retries 10
@@ -395,3 +397,21 @@ check_git_repos:
 - test -d public || mkdir public
 - cp `git status | grep -Eo 'metadata/.*\.yml'` public/ || true
 - exit $EXITVALUE
+
+sast:
+ variables:
+ MOBSF_API_KEY: key
+ SAST_EXPERIMENTAL_FEATURES: "true"
+ SAST_EXCLUDED_ANALYZERS:
+ bandit, brakeman, eslint, flawfinder, gosec, kubesec,
+ nodejs-scan, phpcs-security-audit, pmd-apex, security-code-scan, semgrep, sobelow,
+ spotbugs
+
+ # Make sure the apk is searched before the manifest, so only apks are scanned
+ ANALYZER_TARGET_DIR: $CI_PROJECT_DIR/tmp/
+ needs:
+ - fdroid build
+
+mobsf-ios-sast:
+ rules:
+ - when: never
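Review bot: `MOBSF_API_KEY: key` under `sast.variables` commits a literal value for a variable whose name marks it as a credential. If the mobsf analyzer needs a real key, it belongs in a masked and protected CI/CD variable rather than in `.gitlab-ci.yml`; if any non-empty value works because the analyzer drives its own local MobSF instance, say so on the line, e.g. `MOBSF_API_KEY: key  # placeholder, not a real secret: the analyzer runs a local MobSF instance`, so it is not later treated as a leaked key. Separately, `SAST_EXCLUDED_ANALYZERS` is a plain scalar continued over three lines, which YAML silently folds into one comma-separated string; writing it as `SAST_EXCLUDED_ANALYZERS: >-` with the same three lines makes that folding deliberate. The job also depends on `$CI_PROJECT_DIR/tmp/` being populated by `fdroid build` via `needs`, which presumably requires that job to export `tmp/` as an artifact — that definition is outside this hunk, so it is worth confirming rather than discovering via an empty scan.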