Hello,
I am building a custom SAST integration into the GitLab CI pipeline. I am trying to build a SAST template that would function in the same way as the native SAST.gitlab-ci.yml that can be included in the .gitlab-ci.yml file, and the template will "automagically" integrate this custom SAST analyzer and the report it produces. I have created the SAST template by copy-pasting sections from the native GitLab SAST here: https://gitlab.com/SourceCode.AI/aura-ci/-/raw/master/sast-scanner.yml

However, when I include this template in the .gitlab-ci.yml, the SAST job is never executed. Example: https://gitlab.com/SourceCode.AI/aura-ci/-/raw/master/.gitlab-ci.yml

The CI linter shows that the job is available, but only the noop stage is being executed in the runner. I already tried to remove all rules, tags, etc. that could filter out the job and prevent it from being run, as well as moving it inside the test stage instead of sast, but the result is the same; it's as if the job from the included template is invisible to the runner.

Here is my SAST template that I am including:
```yaml
variables:
  AURA_DOCKER_VERSION: "dev"

aura_scan:
  stage: sast
  script:
    - docker run --rm -v ${CI_PROJECT_DIR}:/src:ro rootlug/aura-security:${AURA_DOCKER_VERSION} scan /src -f gitlab-sast >${CI_PROJECT_DIR}/gl-aura-sast-report.json
  allow_failure: true
  artifacts:
    reports:
      sast: gl-aura-sast-report.json
```
And this is the .gitlab-ci.yml I am using for testing:
```yaml
image: docker:19.03.12

services:
  - docker:19.03.12-dind

before_script:
  - docker info

include:
  - https://gitlab.com/SourceCode.AI/aura-ci/-/raw/master/sast-scanner.yml

stages:
  - sast
  - test

noop:
  stage: test
  script:
    # single quotes so the shell does not treat `test` as a command substitution
    - echo 'This is a no-op stage just to trigger the `test` stage'
```
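As an added example (not part of the original post or of the aura-ci project), the following script models how GitLab merges an included template into the main .gitlab-ci.yml and then lists which jobs end up in which stage. It separates the two failure modes a practitioner wants to tell apart when an included job never runs: the include never contributed the job at all (it is absent from the merged config), or the job is present but its stage is not declared, or it carries `rules`/`only`/`except` that exclude it. The merge logic is a simplified model of GitLab's documented behaviour (includes are merged first, the main file's keys win, a job without `stage` defaults to `test`), not GitLab's own code; the two config dicts are the files from the post as they would look once parsed, with the `noop` echo shortened.

```python
"""Model GitLab CI include merging and report which jobs will be scheduled.

Added example: a simplified model of GitLab's documented include/stage
semantics, not GitLab's implementation. Inputs are constructed from the
two files in the post, already parsed from YAML into dicts.
"""
from typing import Any, Dict, List

# Top-level keys GitLab treats as global configuration, not as jobs.
RESERVED_KEYS = {
    "default", "include", "stages", "types", "variables", "workflow",
    "image", "services", "before_script", "after_script", "cache",
}

# Constructed: the included SAST template from the post, parsed.
SAST_TEMPLATE: Dict[str, Any] = {
    "variables": {"AURA_DOCKER_VERSION": "dev"},
    "aura_scan": {
        "stage": "sast",
        "script": [
            "docker run --rm -v ${CI_PROJECT_DIR}:/src:ro "
            "rootlug/aura-security:${AURA_DOCKER_VERSION} scan /src "
            "-f gitlab-sast >${CI_PROJECT_DIR}/gl-aura-sast-report.json"
        ],
        "allow_failure": True,
        "artifacts": {"reports": {"sast": "gl-aura-sast-report.json"}},
    },
}

# Constructed: the main .gitlab-ci.yml from the post, parsed (echo shortened).
MAIN_CONFIG: Dict[str, Any] = {
    "image": "docker:19.03.12",
    "services": ["docker:19.03.12-dind"],
    "before_script": ["docker info"],
    "include": ["https://gitlab.com/SourceCode.AI/aura-ci/-/raw/master/sast-scanner.yml"],
    "stages": ["sast", "test"],
    "noop": {"stage": "test", "script": ["echo noop"]},
}


def merge_configs(included: List[Dict[str, Any]], main: Dict[str, Any]) -> Dict[str, Any]:
    """Merge included templates in order, then the main file on top.

    Mapping values (jobs, `variables`) are merged key by key, so the main
    file can override a single key of an included job; other values replace.
    """
    merged: Dict[str, Any] = {}
    for cfg in [*included, main]:
        for key, value in cfg.items():
            if isinstance(value, dict) and isinstance(merged.get(key), dict):
                merged[key] = {**merged[key], **value}
            else:
                merged[key] = value
    return merged


def diagnose(config: Dict[str, Any]) -> Dict[str, Any]:
    """Return declared stages, each job's resolved stage, and anything that
    would keep a job from being scheduled in this pipeline."""
    stages = list(config.get("stages") or ["build", "test", "deploy"])
    jobs: Dict[str, str] = {}
    problems: List[str] = []
    warnings: List[str] = []
    for name, body in config.items():
        if name in RESERVED_KEYS or name.startswith("."):
            continue  # global key or hidden job: never scheduled by design
        if not isinstance(body, dict):
            problems.append(f"{name}: top-level key is not a job definition")
            continue
        stage = body.get("stage", "test")  # GitLab's documented default stage
        if stage not in stages:
            problems.append(f"{name}: stage '{stage}' is not declared in stages {stages}")
        for key in ("rules", "only", "except"):
            if key in body:
                warnings.append(f"{name}: '{key}' may exclude it from this pipeline")
        jobs[name] = stage
    return {"stages": stages, "jobs": jobs, "problems": problems, "warnings": warnings}


if __name__ == "__main__":
    # With the template merged in, aura_scan shows up in the sast stage.
    print(diagnose(merge_configs([SAST_TEMPLATE], MAIN_CONFIG)))
    # If the include contributed nothing, only noop remains: the symptom in the post.
    print(diagnose(MAIN_CONFIG))
```

If `diagnose` on the merged config lists `aura_scan` with no problems but the runner still only executes `noop`, the merged config GitLab actually built differs from the one you expect, which points at the include step (what the remote URL served at pipeline time) rather than at the job definition itself.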