Team, I’m working on GitLab CI/CD to run dependency scanning for code developed in Kotlin. I’m getting an error even though I have followed the instructions provided in the documents.
include:
- template: Jobs/Dependency-Scanning.gitlab-ci.yml
and DS_EXCLUDED_ANALYZERS as true
https://docs.gitlab.com/ee/user/application_security/dependency_scanning/#supported-languages-and-package-managers
But I’m getting an error like artifacts missing. (The job has not generated any output.) Kindly provide some solution for this.
Thanks
Hi, @SocialGit.
Note that DS_EXCLUDED_ANALYZERS doesn’t take a boolean value - you mentioned it’s set to true. This variable stops certain jobs from running.
Is your project public? If you share it, I can have a look. Otherwise, please share the error you’re getting.
Hi @thiagocsf, sorry for the late response. Do I need to add any other files for scanning to my project other than gitlab-ci.yml?
Below is the error I got:
[INFO] [gemnasium-maven] [ Date] Detected supported dependency files in ‘poc’. Dependency files detected in this directory will be processed. Dependency files in other directories will be skipped.
exit status 1
Uploading artifacts for failed job
Uploading artifacts…
WARNING: */gl-sbom-.cdx.json: no matching files.
ERROR: No files to upload
Uploading artifacts…
I have also tried other solutions for this – as specified in the below link
But no luck.
Thanks in advance
Hi @SocialGit, the error is saying that no SBOM file was created, hence there is nothing to be uploaded. This might be because the actual scanner fails. However, I don’t see an actual error message from the scanner. I am wondering if you could upload the logs of your DS job with debug on. You can do that by passing the following variable to the DS job: SECURE_LOG_LEVEL=debug. It would be awesome if you could share all the parts of your .gitlab-ci.yml relevant to DS as well. Just in case.
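The two configuration points raised in the replies above, put together as an added example (not taken from any poster's project): DS_EXCLUDED_ANALYZERS given analyzer names instead of a boolean, and SECURE_LOG_LEVEL set to debug on the scanning job. The job name `gemnasium-maven-dependency_scanning` and the analyzer name `gemnasium-python` are assumptions based on the `gemnasium-maven` analyzer shown in the posted log and the included template; check them against the template version in use.

```yaml
# Added example for this thread; job and analyzer names are assumptions.
include:
  - template: Jobs/Dependency-Scanning.gitlab-ci.yml

variables:
  # Setting reported in the thread (not a valid value, the variable is not a boolean):
  # DS_EXCLUDED_ANALYZERS: "true"
  #
  # The variable lists analyzers to skip, by name. For a Kotlin project the
  # Maven/Gradle analyzer must stay enabled, so only unrelated analyzers are
  # excluded here. Leaving the variable unset is also fine.
  DS_EXCLUDED_ANALYZERS: "gemnasium-python"

# Override only the job that fails in the posted log, so the debug output
# stays limited to the analyzer under investigation.
gemnasium-maven-dependency_scanning:
  variables:
    SECURE_LOG_LEVEL: "debug"
```

With debug logging on, the analyzer's own failure should appear in the job log before the `exit status 1` line, ahead of the artifact upload warning about the missing SBOM file.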