I would like to use Gitlab’s SAST features to test an Android
application, so I have included the SAST template in the CI file.
When the CI pipeline executes, two jobs are created in the test stage: brakeman-sast
and secrets-sast.
The secrets-sast stage executes without any problems and uploads a gl-sast-report.json artifact. However, the brakeman-test stage finishes with an error stating that it can’t find gl-sast-report.json.
No other SAST jobs are executed, which is odd because the template contains this line:
SAST_DEFAULT_ANALYZERS: "bandit, brakeman, gosec, spotbugs, flawfinder, phpcs-security-audit, security-code-scan, nodejs-scan, eslint, tslint, secrets, sobelow, pmd-apex"
Here is a link to the Gitlab issue; it contains more information, such as logs.