GitLab SAST pipeline cannot find "gl-sast-report.json" and does not run the other jobs in the SAST template

Time: 2019-11-14 17:43:03

Tags: gitlab gitlab-ci-runner gitlab-api gitlab-ce gitlab-ee

Summary

I want to use GitLab's SAST feature to test an Android application, so I included the SAST template in my CI file.

When the CI pipeline runs, two jobs are created in the test stage: brakeman-sast and secrets-sast.

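The secrets-sast stage runs without any problems and uploads the gl-sast-report.json artifact. However, the brakeman-sast stage ends with an error stating that gl-sast-report.json could not be found.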

No other jobs are executed, which is strange because the template contains the following line:

SAST_DEFAULT_ANALYZERS: "bandit, brakeman, gosec, spotbugs, flawfinder, phpcs-security-audit, security-code-scan, nodejs-scan, eslint, tslint, secrets, sobelow, pmd-apex"

Steps to reproduce

include:
  template: SAST.gitlab-ci.yml

variables:
  SAST_DISABLE_DIND: "true"

stages:
  - compile
  - test
  - publish

What is the current bug behavior?

The secrets-sast job runs without problems and uploads gl-sast-report.json.

The brakeman-sast job fails with an error stating that gl-sast-report.json could not be found.

No other jobs such as {s {1}} and spotbugs-sast are executed.

What is the expected correct behavior?

security-code-scan-sast should find brakeman-sast

The other SAST jobs should be executed, but currently I only see gl-sast-report.jsonsecrets

Relevant logs and/or screenshots

brakeman-sast

secrets-sast

Running with gitlab-runner 12.4.1 (05161b14)
  on Kubernetes Runner <REDACTED> gitlab-runner-0-578f8964fb-l4lgb oqX64xJV
Using Kubernetes namespace: iliutl-gitlab 00:00
Using Kubernetes executor with image $SAST_ANALYZER_IMAGE_PREFIX/secrets:$SAST_MAJOR_VERSION ...
Waiting for pod iliutl-gitlab/runner-oqx64xjv-project-13469380-concurrent-18zhk5 to be running, status is Pending 00:03
Running on runner-oqx64xjv-project-13469380-concurrent-18zhk5 via gitlab-runner-0-578f8964fb-l4lgb...
Fetching changes with git depth set to 50... 00:02
Initialized empty Git repository in /builds/<REDACTED>/android-client/.git/
Created fresh repository.
From https://gitlab.com/<REDACTED>/android-client
 * [new ref] refs/pipelines/95987761 -> refs/pipelines/95987761
 * [new branch] feature/ZO-27-DN -> origin/feature/ZO-27-DN
Checking out db00e733 as feature/ZO-27-DN...
Skipping Git submodules setup
Checking cache for 13469380-1... 00:01
Downloading cache.zip from https://storage.googleapis.com/<REDACTED>-runner/project/13469380/13469380-1
Successfully extracted cache
$ /analyzer run 00:04
Creating cache 13469380-1... 00:00
.gradle/: found 45 matching files
Archive is up to date!
Created cache
Uploading artifacts... 00:02
gl-sast-report.json: found 1 matching files
Uploading artifacts to coordinator... ok id=351043031 responseStatus=201 Created token=11ubRsGb
Job succeeded

brakeman-sast

0 answers:

No answers