enforce SAST runner arch

2025-09-24 11:37:07 -04:00 · 2025-09-24 11:37:07 -04:00 · 9afa7b9196
commit 9afa7b9196
parent d6a76a9fe6
1 changed files with 20 additions and 0 deletions
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@ -178,6 +178,10 @@ variables:
  # https://docs.gitlab.com/user/application_security/detect/security_configuration/#use-security-scanning-tools-with-merge-request-pipelines
  AST_ENABLE_MR_PIPELINES: 'true'

+dependency_scanning:
+  tags:
+    ARCH: amd64
+
 # https://docs.gitlab.com/user/application_security/container_scanning/#scanning-archives-built-in-a-previous-job
 # https://docs.gitlab.com/user/application_security/detect/security_configuration/#error-chosen-stage-test-does-not-exist
 container_scanning:
@ -190,9 +194,25 @@ container_scanning:
  rules:
    - if: $CI_PIPELINE_SOURCE != 'push' || ($CI_COMMIT_BRANCH != 'develop' && $CI_COMMIT_BRANCH != 'stable' && $CI_COMMIT_TAG != '')
      when: never
+  tags:
+    ARCH: amd64
+
+sast:
+  tags:
+    ARCH: amd64
+
+gitlab-advanced-sast:
+  tags:
+    ARCH: amd64
+
+secret_detection:
+  tags:
+    ARCH: amd64

 libbehave-experiment:
  # https://gitlab.com/gitlab-org/security-products/demos/experiments/libbehave/npm-demo/-/blob/add_dependencies/.gitlab-ci.yml?ref_type=heads#L6
  # https://stackoverflow.com/a/70360201
  rules:
    - if: $CI_PIPELINE_SOURCE == 'merge_request_event'
+  tags:
+    ARCH: amd64