SAST implementation

Enable Static Application Security Testing

.gitlab-ci.yml

-# This file is a template, and might need editing before it works on your project.
-# To contribute improvements to CI/CD templates, please follow the Development guide at:
-# https://docs.gitlab.com/ee/development/cicd/templates.html
-# This specific template is located at:
-# https://gitlab.com/gitlab-org/gitlab/-/blob/master/lib/gitlab/ci/templates/Python.gitlab-ci.yml
-
-# Official language image. Look for the different tagged releases at:
-# https://hub.docker.com/r/library/python/tags/
 image: python:latest
-
 stages:
-  - linting
-  - testing
-  - docs
+- linting
+- testing
+- docs
+- test
 
 # Change pip's cache directory to be inside the project directory since we can
 # only cache local items.
 variables:
   PIP_CACHE_DIR: "$CI_PROJECT_DIR/.cache/pip"
 
-# Pip's cache doesn't store the python packages
-# https://pip.pypa.io/en/stable/reference/pip_install/#caching
-#
-# If you want to also cache the installed packages, you have to install
-# them in a virtualenv and cache it as well.
-cache:
-  paths:
-#    - .cache/pip  # 
-#    - venv/   #
-
-  
 before_script:
-  - python --version  # For debugging
-  - pip install -r requirements.txt  # install dependencies from file
-#  - pip install virtualenv
-#  - virtualenv venv
-#  - source venv/bin/activate
-
+- python --version  # For debugging
+- pip install -r requirements.txt  # install dependencies from file
 PEP8:
   stage: linting
-  script: 
-    - pip install flake8
-    - flake8 --count . # PEP8 linting
-
-
+  script:
+  - pip install flake8
+  - flake8 --count .
 Pylint:
   stage: linting
-  # allow_failure: true
-  script: 
-    - pip install pylint
-    - find . -type f -name '*.py' | xargs pylint -rn --rcfile='plotid/.pylintrc' # Find all python files and check the code with pylint.
-
+  script:
+  - pip install pylint
+  - find . -type f -name '*.py' | xargs pylint -rn --rcfile='plotid/.pylintrc'  # Find all python files and check the code with pylint
 test:
   stage: testing
-  tags: 
-    - docker
+  tags:
+  - docker
   script:
-#     - python -m unittest discover -s ./tests/ -p "test*" # deprecated unittest command
-      - python tests/runner_tests.py
-  coverage: '/TOTAL.*\s+(\d+\.\d+%)$/'
-#    - pip install tox flake8  # you can also use tox
-#    - tox -e py36,flake8
-
+  - python tests/runner_tests.py
+  coverage: "/TOTAL.*\\s+(\\d+\\.\\d+%)$/"
 pages:
   stage: docs
   script:
@@ -72,17 +41,18 @@ pages:
     paths:
     - public
   rules:
-   - if: $CI_COMMIT_REF_NAME == $CI_DEFAULT_BRANCH
-   - when: manual
-
-# Commenting out all other stages and jobs
-#run:
-#  script:
-#    - python setup.py bdist_wheel
-#    # an alternative approach is to install and run:
-#    - pip install dist/*
-#    # run the command here
-#  artifacts:
-#    paths:
-#      - dist/*.whl
-
+  - if: "$CI_COMMIT_REF_NAME == $CI_DEFAULT_BRANCH"
+  - when: manual
+sast:
+  variables:
+    SAST_EXCLUDED_PATHS: spec, test, tmp
+  stage: test
+include:
+- template: Security/SAST.gitlab-ci.yml
+# You can override the included template(s) by including variable overrides
+# SAST customization: https://docs.gitlab.com/ee/user/application_security/sast/#customizing-the-sast-settings
+# Secret Detection customization: https://docs.gitlab.com/ee/user/application_security/secret_detection/#customizing-settings
+# Dependency Scanning customization: https://docs.gitlab.com/ee/user/application_security/dependency_scanning/#customizing-the-dependency-scanning-settings
+# Container Scanning customization: https://docs.gitlab.com/ee/user/application_security/container_scanning/#customizing-the-container-scanning-settings
+# Note that environment variables can be set in several places
+# See https://docs.gitlab.com/ee/ci/variables/#cicd-variable-precedence