We have a hosted community edition of GitLab which doesn't support SAST.
We want to do a few checks before merging an MR, like static analysis, and are left with two options.
- Invoke a REST API with project and MR details, which could generate the diff in the MR with the command line, do static analysis and return whether the MR is mergeable
- Do a shell script check in the pipeline Docker image itself. This is faster because of shell, but since every time a new image is loaded in the VM for the pipeline, should we clone the repo and generate the diff? Or is there any environment variable for the diff?
There is also a merge request diff API, but with version.
What would be the correct approach?
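
The second option, sketched as an added example that is not part of the original post: a POSIX shell check that derives the MR's changed files inside the job from GitLab's predefined `CI_MERGE_REQUEST_DIFF_BASE_SHA` variable and fails closed when the diff cannot be computed. It assumes a merge request pipeline with the repository already checked out by the runner; the script name `mr-check.sh` and the analyzer command are placeholders.

```shell
#!/bin/sh
# Added example (not from the post). Assumes a merge request pipeline: GitLab
# then sets CI_MERGE_REQUEST_DIFF_BASE_SHA and the runner has already checked
# out the source branch, so no extra clone is needed.

# Print files added, copied, modified or renamed by the MR, one per line.
# Limitation: paths containing newlines are not supported.
mr_changed_files() {
  base="${CI_MERGE_REQUEST_DIFF_BASE_SHA:-}"
  if [ -z "$base" ]; then
    echo "CI_MERGE_REQUEST_DIFF_BASE_SHA is unset: not a merge request pipeline" >&2
    return 2
  fi
  # A shallow fetch may not contain the base commit; fail loudly, never skip.
  if ! git cat-file -e "${base}^{commit}" 2>/dev/null; then
    echo "base commit $base not in this clone; raise GIT_DEPTH for the job" >&2
    return 2
  fi
  git -c core.quotePath=false diff --name-only --diff-filter=ACMR "$base" HEAD
}

# Run the analyzer command given as arguments once per changed file.
# Returns 0 if all pass, 1 if any file fails, 2 if the diff is unavailable.
mr_check() {
  files="$(mr_changed_files)" || return 2
  rc=0
  while IFS= read -r f; do
    [ -n "$f" ] || continue
    # Fail closed: a listed path that cannot be read counts as a failure, so
    # an oddly named file cannot slip past the check.
    [ -f "$f" ] || { echo "cannot read: $f" >&2; rc=1; continue; }
    # stdin is redirected so the analyzer cannot swallow the file list.
    "$@" "$f" </dev/null || { echo "FAIL: $f" >&2; rc=1; }
  done <<EOF
$files
EOF
  return "$rc"
}

# Job usage (analyzer is a placeholder): sh mr-check.sh <analyzer> [options]
if [ "$#" -gt 0 ]; then
  mr_check "$@"
fi
```

A non-zero exit fails the job, which blocks the merge when the project requires a successful pipeline before merging.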