SAST Scanner Service for SAST in the IDE
- Service Overview
- Alerts: https://alerts.gitlab.net/#/alerts?filter=%7Btype%3D%22sast-service%22%2C%20tier%3D%22sv%22%7D
- Label: gitlab-com/gl-infra/production~“Service::SastService”
Logging
Summary
The SAST Scanner Service is a stateless service that runs SAST scans to provide SAST in the IDE. This service is currently used by the “SAST IDE Integration” feature, managed by the Secure:Static Analysis team.
The service deployments are being managed by Runway.
The source code repository for the service is available here and the Runway deployment configuration is located here. Note that we use different projects for managing the source code and for deploying the service.
Architecture
The architecture documentation is available here.
Performance
The benchmarking system is explained here.
Scalability
The SAST Scanner service is deployed using Runway. Its scaling is handled by Cloud Run and configured as part of the Runway deployment (doc).
Availability
The SAST Scanner service is accessible by Ultimate tier users. The service is currently deployed to the us-central1 and europe-west1 regions.
Security/Compliance
The service is stateless; it does not log/store any customer-related data.
Monitoring/Alerting
The service is deployed using Runway so that we can use its built-in observability features, particularly the monitoring stack. Default Runway metrics for the service are available on the Runway Service Metrics dashboard.