scan does not create comment in the merge request. #357
When trying to run a scan with the shift left test, it's not updating the merge request in gitlab.com and self-hosted GitLab CE edition.
The yaml used is:
variables:
  GITHUB_TOKEN: $GITHUB_TOKEN
  GITLAB_TOKEN: $GITLAB_TOKEN
  SCAN_ANNOTATE_PR: "true"
scan:
  stage: test
  image:
    name: quay.io/shiftleft/scan-oss:latest
  script:
    - scan --src ${CI_PROJECT_DIR} --type depscan --out_dir ${CI_PROJECT_DIR}/reports
  rules:
    - when: always
  artifacts:
    name: "$CI_JOB_NAME-$CI_COMMIT_REF_NAME"
    paths:
      - $CI_PROJECT_DIR/reports/
    when: always
The results look like:
[15:13:28] INFO Baseline file written to /builds/siva.ah/spring-boot-rest-example/reports/.sastscan.baseline
Security Scan Summary
╔════════════════════════╤══════════╤══════╤════════╤═════╤════════╗
║ Tool │ Critical │ High │ Medium │ Low │ Status ║
╟────────────────────────┼──────────┼──────┼────────┼─────┼────────╢
║ Dependency Scan (java) │ 30 │ 50 │ 24 │ 7 │ ❌ ║
╚════════════════════════╧══════════╧══════╧════════╧═════╧════════╝
Uploading artifacts for failed job
Uploading artifacts...
/builds/siva.ah/spring-boot-rest-example/reports/: found 7 matching files and directories
Uploading artifacts as "archive" to coordinator... ok id=1958602230 responseStatus=201 Created token=gVeUsj1y
Cleaning up project directory and file based variables
00:01
ERROR: Job failed: exit code 1