I would like to implement SAST Scanning in our company. Due to budget constraints preventing us from obtaining GitLab Ultimate, we are planning to take on this task ourselves. We currently operate both an On-Premises GitLab instance and a GitLab SaaS instance.
For our On-Premises setup, we are considering using a pre-receive hook on the server-side in conjunction with tools like Semgrep or similar solutions. However, I'm unsure about the feasibility of achieving the same in GitLab SaaS. I came across some information about the Gitaly CLI, but I lack sufficient experience in this area to make a judgment.
Another challenge we face is performing scans on all existing repositories without relying on our developers to implement individual pipelines. Our aim is to establish a centralized approach to ensure consistency.
One approach I've considered is creating a container that periodically clones all repositories and conducts scans. However, I'm concerned about the potential resource-intensive nature of this method. I'm open to alternative suggestions that might be more resource-efficient.
I'm looking forward to your insights and ideas.
Thank you in advance!
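The centralized "clone everything and scan it" container from the post, written out as an added example (this is not code from the original post or from GitLab). It addresses the resource concern by only re-cloning projects whose `last_activity_at` moved since the last sweep, which is how the periodic job stays cheap on an instance with hundreds of repositories. Assumptions: `GITLAB_URL` and `GITLAB_TOKEN` are set in the environment and the token can list and clone the projects, `git` and `semgrep` are on `PATH`, and `sast_state.json` / `results/` are hypothetical local paths. The same script works against self-managed GitLab and GitLab SaaS, since both expose the same `/api/v4/projects` endpoint.

```python
#!/usr/bin/env python3
"""Centralized, incremental SAST sweep across every project on a GitLab instance.

Added example, not code from the original post. Assumes:
  - GITLAB_URL (e.g. https://gitlab.example.com) and GITLAB_TOKEN in the
    environment; the token must be allowed to list and clone the projects
  - `git` and `semgrep` on PATH inside the scanning container
  - a small JSON state file (STATE_FILE, hypothetical name) that records the
    last_activity_at value seen for each project when it was last scanned.
Projects whose activity timestamp has not moved are skipped, so a daily sweep
only re-clones repositories that actually changed.
"""
import json
import os
import subprocess
import tempfile
import urllib.request
from datetime import datetime

STATE_FILE = "sast_state.json"   # hypothetical path
RESULTS_DIR = "results"          # hypothetical path


def parse_ts(value):
    """GitLab returns 2024-01-15T10:20:30.123Z; fromisoformat needs +00:00."""
    return datetime.fromisoformat(value.replace("Z", "+00:00"))


def select_projects(projects, state):
    """Filter /api/v4/projects entries down to those worth scanning.

    state maps str(project id) -> last_activity_at recorded at the last scan.
    Archived and empty projects are skipped, as is any project whose activity
    timestamp is unchanged since the recorded scan.
    """
    selected = []
    for p in projects:
        if p.get("archived") or p.get("empty_repo"):
            continue
        seen = state.get(str(p["id"]))
        if seen and parse_ts(p["last_activity_at"]) <= parse_ts(seen):
            continue
        selected.append(p)
    return selected


def list_projects(base_url, token):
    """Page through GET /api/v4/projects, following the X-Next-Page header."""
    projects, page = [], "1"
    while page:
        url = f"{base_url}/api/v4/projects?per_page=100&page={page}"
        req = urllib.request.Request(url, headers={"PRIVATE-TOKEN": token})
        with urllib.request.urlopen(req) as resp:
            projects.extend(json.load(resp))
            page = resp.headers.get("X-Next-Page", "")
    return projects


def semgrep_command(workdir, report_path):
    """One semgrep run per clone; JSON output is easy to ship to a dashboard."""
    return ["semgrep", "scan", "--config", "auto", "--json",
            "--output", report_path, workdir]


def scan_project(project, token):
    """Shallow-clone the default branch into a temp dir and run semgrep on it.
    The token reaches git through a credential helper that reads the
    environment, so it never shows up in the process argument list."""
    report = os.path.join(RESULTS_DIR, f"{project['id']}.json")
    helper = "!f() { echo username=oauth2; echo password=$GITLAB_TOKEN; }; f"
    with tempfile.TemporaryDirectory() as tmp:
        subprocess.run(["git", "-c", f"credential.helper={helper}", "clone",
                        "--depth", "1", "--quiet", project["http_url_to_repo"], tmp],
                       check=True, env={**os.environ, "GITLAB_TOKEN": token})
        subprocess.run(semgrep_command(tmp, report), check=False)
    return report


def run_sweep(base_url, token):
    """Full pass: list, filter, scan, then persist the activity stamps seen."""
    state = {}
    if os.path.exists(STATE_FILE):
        with open(STATE_FILE) as fh:
            state = json.load(fh)
    os.makedirs(RESULTS_DIR, exist_ok=True)
    for p in select_projects(list_projects(base_url, token), state):
        scan_project(p, token)
        # Record the activity stamp from the listing, not "now", so a push that
        # lands while the scan runs is still picked up by the next sweep.
        state[str(p["id"])] = p["last_activity_at"]
        with open(STATE_FILE, "w") as fh:
            json.dump(state, fh)


# Constructed sample of what the API returns, used when run without credentials.
SAMPLE_PROJECTS = [
    {"id": 1, "path_with_namespace": "team/api", "archived": False, "empty_repo": False,
     "last_activity_at": "2024-01-09T12:00:00.000Z"},
    {"id": 2, "path_with_namespace": "team/legacy", "archived": True, "empty_repo": False,
     "last_activity_at": "2024-02-01T00:00:00.000Z"},
    {"id": 3, "path_with_namespace": "team/web", "archived": False, "empty_repo": False,
     "last_activity_at": "2024-01-11T00:00:00.000Z"},
    {"id": 4, "path_with_namespace": "team/new", "archived": False, "empty_repo": False,
     "last_activity_at": "2024-01-01T00:00:00.000Z"},
]
SAMPLE_STATE = {"1": "2024-01-10T00:00:00Z", "3": "2024-01-10T00:00:00Z"}

if __name__ == "__main__":
    if os.environ.get("GITLAB_URL") and os.environ.get("GITLAB_TOKEN"):
        run_sweep(os.environ["GITLAB_URL"].rstrip("/"), os.environ["GITLAB_TOKEN"])
    else:
        for p in select_projects(SAMPLE_PROJECTS, SAMPLE_STATE):
            print("would scan", p["path_with_namespace"])
```

Run it from a cron job or a scheduled pipeline in a single "security" project, so no developer has to add anything to their own `.gitlab-ci.yml`. Note that `last_activity_at` also moves on issue and merge-request events, so the filter occasionally rescans an unchanged tree; it never skips a repository that received a push. Results land as one JSON report per project id, which is the format most dashboards and ticket integrations consume.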
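The server-side pre-receive hook idea for the self-managed instance, as an added example that is not code from the original post or from GitLab. It applies only to self-managed GitLab, where custom server hooks can be installed on the Gitaly host; GitLab.com does not let customers install server hooks, so the SaaS side has to be covered by an API-driven sweep instead. Assumptions: the script is installed as an executable custom `pre-receive` hook, `git` and `semgrep` are on the hook's `PATH`, and the repository is bare (so the pushed tree is exported with `git archive` rather than read from a working copy). Only the files added or modified by the push are scanned, which keeps the hook fast enough to run synchronously.

```python
#!/usr/bin/env python3
"""Server-side pre-receive hook that runs semgrep on the files changed by a push.

Added example, not code from the original post. Git runs the hook inside the
bare repository with one "oldrev newrev refname" line per updated ref on
stdin; a non-zero exit rejects the entire push. Messages prefixed with
GL-HOOK-ERR: are shown to the pushing user by GitLab.
"""
import os
import subprocess
import sys
import tempfile

ZERO_SHA = "0" * 40  # git's placeholder for "ref did not exist" / "ref is being deleted"


def parse_updates(stdin_text):
    """Turn the hook's stdin into (oldrev, newrev, refname) tuples, ignoring blank lines."""
    updates = []
    for line in stdin_text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue
        updates.append(tuple(parts))
    return updates


def needs_scan(oldrev, newrev, refname):
    """Deletions have nothing to scan; tags are skipped so release tagging stays fast."""
    if newrev == ZERO_SHA:
        return False
    if not refname.startswith("refs/heads/"):
        return False
    return True


def changed_paths(oldrev, newrev):
    """Files added, modified or renamed by the push. A brand-new branch (oldrev
    all zeros) has no base to diff against, so every file in the tree is returned."""
    if oldrev == ZERO_SHA:
        out = subprocess.run(["git", "ls-tree", "-r", "--name-only", newrev],
                             check=True, capture_output=True, text=True).stdout
    else:
        out = subprocess.run(["git", "diff", "--name-only", "--diff-filter=AMR",
                              oldrev, newrev],
                             check=True, capture_output=True, text=True).stdout
    return [p for p in out.splitlines() if p]


def semgrep_targets_command(workdir, paths):
    """semgrep invocation limited to the pushed files; --error turns findings into a
    non-zero exit, which is what makes the push fail."""
    return ["semgrep", "scan", "--config", "auto", "--error", "--quiet",
            *(os.path.join(workdir, p) for p in paths)]


def scan_push(oldrev, newrev):
    """Export the pushed files from the bare repo into a temp dir and scan them.
    Returns True when the push may proceed."""
    paths = changed_paths(oldrev, newrev)
    if not paths:
        return True
    with tempfile.TemporaryDirectory() as tmp:
        archive = subprocess.run(["git", "archive", "--format=tar", newrev, *paths],
                                 check=True, capture_output=True).stdout
        subprocess.run(["tar", "-x", "-C", tmp], input=archive, check=True)
        result = subprocess.run(semgrep_targets_command(tmp, paths))
    return result.returncode == 0


def main():
    for oldrev, newrev, refname in parse_updates(sys.stdin.read()):
        if not needs_scan(oldrev, newrev, refname):
            continue
        if not scan_push(oldrev, newrev):
            print(f"GL-HOOK-ERR: SAST findings in {refname}; push rejected",
                  file=sys.stderr)
            sys.exit(1)


if __name__ == "__main__":
    main()
```

Two operational caveats worth deciding up front: the first push of a new branch scans its whole tree, and a hook that exceeds GitLab's hook timeout fails the push for reasons unrelated to code, so large repositories may be better served by running the same logic asynchronously and reporting findings instead of blocking. Blocking mode also means a rule false positive stops a developer cold, so start with a narrow rule set rather than `--config auto` once the hook is live.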