Gitlab 16.2 Semgrep not finding Java issues

Neither the Semgrep nor SpotBugs are finding issues with Java code. The Semgrep scanner shows that it is scanning Java files, but does not report any issues. To verify, I created a Java file with issues, as well as a Python and C file with known issues. The Python and C file do report errors, but not any of the java code (not even the issue I created). It is almost like there is a variable that isn’t set correct (e.g. SAST_REPORT_JAVA = ‘true’), but cannot find any variable to set. The Semgrep parser is reporting the correct number of java files. I also set these two variables to provide more information:
but not seeing anything in the output.

Has anyone else encountered this issue?

Hi, I am also facing with the same issue. My configuration is as below:

  • template: Jobs/SAST.gitlab-ci.yml
    stage: test

The jobs did state succeeded and in the logs it says

detecting project
analyzer will attempt to analyze all projects in the repository
running analyzer
creating reports

the json report is generated and found in the artifact but does not report any issues at all. I was trying out in another repo that has Scala codes and it does not report issues too. However it reports error in another repository that has python code. Anyone able to assist on this?

I faced the same issue. Java files are not analysed by Semgrep analyzer. But tested with a sample JS file and it works.
Any advice on how to resolve?

Thank you