Plan Workflow Modifications
Overview
Jit's Open DevSecOps platform offers plan workflow customization, empowering security champions to tailor security plans according to their needs.
This feature enables you to modify workflows, so you can address custom risks and align with your tech stack and development processes.
Semgrep Python scanning is currently supported.
Contact Jit for assistance before using this feature.
Contact us over a shared Slack channel, our platform chat, or here.
Instructions
At the end of your jit-plan.yml file, add the following section:
override:
  workflows:
    sast:
      jobs:
        static-code-analysis-python-semgrep:
          steps:
            - name: Run semgrep python
              uses: registry.jit.io/control-semgrep-alpine:latest
              with:
                args: --json --config=/semgrep-python-config.yml --metrics=off --severity=ERROR
                  --exclude-rule python.sqlalchemy.security.sqlalchemy-execute-raw-query.sqlalchemy-execute-raw-query
                  \${WORK_DIR:-.}
Replace the arguments shown in this example with the arguments that you intend to use. Arguments must be supported by the tool.
Important!
Include all the arguments that were in the original arguments line, as it will be completely overridden by this change.
Make sure you use the correct indentation!
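Because the override replaces the whole arguments line, a flag left out of it is lost without any error. The Python check below is an added example, not part of Jit's documentation or tooling: it compares an original args line with an override and reports flags that were dropped or whose values changed. The page's example line stands in for the plan's original arguments, and the second `--exclude-rule` id is a constructed placeholder.

```python
import shlex

# Flags used with a value on this page; any other flag is treated as a switch.
VALUE_FLAGS = {"--config", "--metrics", "--severity", "--exclude-rule"}

def parse_args(line):
    """Return {flag: [values]}; positional arguments are stored under ''."""
    parsed, tokens, i = {}, shlex.split(line), 0
    while i < len(tokens):
        tok = tokens[i]
        flag, sep, value = tok.partition("=")
        if tok.startswith("--") and sep:            # --flag=value
            parsed.setdefault(flag, []).append(value)
        elif tok in VALUE_FLAGS and i + 1 < len(tokens):  # --flag value
            i += 1
            parsed.setdefault(tok, []).append(tokens[i])
        elif tok.startswith("-"):                   # switch such as --json
            parsed.setdefault(tok, [])
        else:                                       # scan target
            parsed.setdefault("", []).append(tok)
        i += 1
    return parsed

def diff_override(original, override):
    """Report what the original args line had that the override lost."""
    old, new = parse_args(original), parse_args(override)
    dropped = sorted(f for f in old if f not in new)
    changed = {f: (old[f], new[f]) for f in old
               if f in new and any(v not in new[f] for v in old[f])}
    return dropped, changed

RULE = "python.sqlalchemy.security.sqlalchemy-execute-raw-query.sqlalchemy-execute-raw-query"
# The args line from the page, standing in for the plan's original arguments.
ORIGINAL = (r"--json --config=/semgrep-python-config.yml --metrics=off --severity=ERROR "
            r"--exclude-rule " + RULE + r" \${WORK_DIR:-.}")
# Constructed override: adds a placeholder rule id, forgets --metrics, changes --severity.
OVERRIDE = (r"--json --config=/semgrep-python-config.yml --severity=WARNING "
            r"--exclude-rule " + RULE + r" --exclude-rule example.placeholder.rule-id "
            r"\${WORK_DIR:-.}")

if __name__ == "__main__":
    dropped, changed = diff_override(ORIGINAL, OVERRIDE)
    print("dropped flags:", dropped)
    print("changed values:", changed)
```

Adding a second `--exclude-rule` is not reported, since every original value is still present; only lost flags and replaced values are.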