Gl-sast-report.json: no matching files

Problem to solve

SAST w/Autoconf generating the error: WARNING: gl-sast-report.json: no matching files. Ensure that the artifact path is relative to the working directory (/builds/sa-demo-group/joey-whelan/test1)

  • What are you seeing, and how does that differ from what you expect to see?
    I’m using a ‘dind’ CI/CD - is this a problem with SAST? gitlab-ci.yml below:
default:
  image: docker:24.0.5
  services:
  - docker:24.0.5-dind
  before_script:
  - docker login -u $CI_REGISTRY_USER -p $CI_REGISTRY_PASSWORD $CI_REGISTRY
variables:
  CONTAINER_TEST_IMAGE: "$CI_REGISTRY_IMAGE:$CI_COMMIT_REF_SLUG"
  CONTAINER_RELEASE_IMAGE: "$CI_REGISTRY_IMAGE:latest"
  CI_DEBUG_TRACE: "true"
stages:
- build
- test
- release
build:
  stage: build
  script:
  - echo "Building"
  - docker build --pull -t $CONTAINER_TEST_IMAGE .
  - docker push $CONTAINER_TEST_IMAGE
test:
  stage: test
  script:
  - echo "Testing"
  - docker pull $CONTAINER_TEST_IMAGE
  - docker run -d --rm --name wild_thang $CONTAINER_TEST_IMAGE
  - sleep 5
  - docker exec wild_thang pytest test.py
release:
  stage: release
  script:
  - echo "Releasing"
  - docker pull $CONTAINER_TEST_IMAGE
  - docker tag $CONTAINER_TEST_IMAGE $CONTAINER_RELEASE_IMAGE
  - docker push $CONTAINER_RELEASE_IMAGE
  only:
  - main

sast:
  stage: test
include:
- template: Security/SAST.gitlab-ci.yml

Versions

Please select whether options apply, and add the version information.

  • Self-managed
  • [x] GitLab.com SaaS
  • Self-hosted Runners

Yep, the default settings may interfere with SAST job specifics.

It is recommended to avoid a global default and instead use job templates with extends, which are specifically used in jobs. The period at the beginning of a job name makes it hidden and not executed: "a job template".

.docker-tmpl:
  image: docker:24.0.5
  services:
  - docker:24.0.5-dind
  before_script:
  - docker login -u $CI_REGISTRY_USER -p $CI_REGISTRY_PASSWORD $CI_REGISTRY

build:
  extends: .docker-tmpl
  …

test: 
  extends: .docker-tmpl
  …

That was it! Thank you very much.

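The answer's suggestion applied to the whole pipeline from the question, as an added example that is not part of the original thread. Leaving out CI_DEBUG_TRACE and passing the registry password with --password-stdin are choices made for this example, not something the answer proposed.

```yaml
# Added example: the question's pipeline with `default:` replaced by a hidden job.
include:
  - template: Security/SAST.gitlab-ci.yml   # analyzer jobs run in the `test` stage

variables:
  CONTAINER_TEST_IMAGE: "$CI_REGISTRY_IMAGE:$CI_COMMIT_REF_SLUG"
  CONTAINER_RELEASE_IMAGE: "$CI_REGISTRY_IMAGE:latest"
  # CI_DEBUG_TRACE is left out: debug logging writes variable values,
  # including CI_REGISTRY_PASSWORD, into the job log.

stages: [build, test, release]

# Hidden job (leading period): never runs itself, only provides settings to
# jobs that extend it. The SAST analyzer jobs do not extend it, so they get
# no dind service and no `docker login` before_script.
.docker-tmpl:
  image: docker:24.0.5
  services:
    - docker:24.0.5-dind
  before_script:
    # Password via stdin keeps it off the process command line.
    - echo "$CI_REGISTRY_PASSWORD" | docker login -u "$CI_REGISTRY_USER" --password-stdin "$CI_REGISTRY"

build:
  extends: .docker-tmpl
  stage: build
  script:
    - docker build --pull -t "$CONTAINER_TEST_IMAGE" .
    - docker push "$CONTAINER_TEST_IMAGE"

test:
  extends: .docker-tmpl
  stage: test
  script:
    - docker pull "$CONTAINER_TEST_IMAGE"
    - docker run -d --rm --name wild_thang "$CONTAINER_TEST_IMAGE"
    - sleep 5
    - docker exec wild_thang pytest test.py

release:
  extends: .docker-tmpl
  stage: release
  script:
    - docker pull "$CONTAINER_TEST_IMAGE"
    - docker tag "$CONTAINER_TEST_IMAGE" "$CONTAINER_RELEASE_IMAGE"
    - docker push "$CONTAINER_RELEASE_IMAGE"
  only: [main]
```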