Not authorized to run Gitlab Advanced SAST Analyzer

Hi, help me with configuration Advanced SAST
I have self-hosted Ultimate version and want to enable Advanced SAST
And have error in pipeline

Problem to solve

Runner Logs
$ /analyzer run
[INFO] [GitLab Advanced SAST] [2024-09-06T12:45:22Z] :arrow_forward: GitLab GitLab Advanced SAST analyzer v1.0.10
[INFO] [GitLab Advanced SAST] [2024-09-06T12:45:22Z] :arrow_forward: Detecting project
[INFO] [GitLab Advanced SAST] [2024-09-06T12:45:22Z] :arrow_forward: Analyzer will attempt to analyze all projects in the repository
[INFO] [GitLab Advanced SAST] [2024-09-06T12:45:22Z] :arrow_forward: Loading ruleset for /builds/d.sidorov/test-integration
[WARN] [GitLab Advanced SAST] [2024-09-06T12:45:22Z] :arrow_forward: /builds/me/test-integration/.gitlab/sast-ruleset.toml not found, ruleset customization will be disabled.
[INFO] [GitLab Advanced SAST] [2024-09-06T12:45:22Z] :arrow_forward: Running analyzer
[INFO] [GitLab Advanced SAST] [2024-09-06T12:45:22Z] :arrow_forward: isFeatureFlagEnabled: true
[INFO] [GitLab Advanced SAST] [2024-09-06T12:45:22Z] :arrow_forward: Error: isCITokenValid(resp.StatusCode):
[FATA] [GitLab Advanced SAST] [2024-09-06T12:45:22Z] :arrow_forward: Error: Not authorized to run Gitlab Advanced SAST Analyzer
Uploading artifacts for failed job
00:01
Uploading artifacts…
WARNING: gl-sast-report.json: no matching files. Ensure that the artifact path is relative to the working directory (/builds/me/test-integration)
ERROR: No files to upload
Cleaning up project directory and file based variables
00:00
ERROR: Job failed: exit code 1

Configuration

My .gitlab-ci.yml

include:

  • template: Jobs/SAST.gitlab-ci.yml
    variables:
    GITLAB_ADVANCED_SAST_ENABLED: ‘true’

Versions

Self-managed 17.3.1 Ultimate

Please share the instance version details.

System information
System:         Ubuntu 20.04
Proxy:          no
Current User:   git
Using RVM:      no
Ruby Version:   3.1.5p253
Gem Version:    3.5.11
Bundler Version:2.5.11
Rake Version:   13.0.6
Redis Version:  7.0.15
Sidekiq Version:7.1.6
Go Version:     unknown

GitLab information
Version:        17.3.1-ee
Revision:       df01858216e
Directory:      /opt/gitlab/embedded/service/gitlab-rails
DB Adapter:     PostgreSQL
DB Version:     14.11
URL:            https://gitlab.example.ua
HTTP Clone URL: https://gitlab.exampleua/some-group/some-project.git
SSH Clone URL:  git@gitlab.example.ua:some-group/some-project.git
Elasticsearch:  no
Geo:            no
Using LDAP:     no
Using Omniauth: yes
Omniauth Providers: 

GitLab Shell
Version:        14.38.0
Repository storages:
- default:      unix:/var/opt/gitlab/gitaly/gitaly.socket
GitLab Shell path:              /opt/gitlab/embedded/service/gitlab-shell

Gitaly
- default Address:      unix:/var/opt/gitlab/gitaly/gitaly.socket
- default Version:      17.3.1
- default Git Version:  2.45.2

Plan: Ultimate Type: Legacy license

error in line
Error: isCITokenValid(resp.StatusCode):
I found what the error was that for some reason the CI_JOB_TOKEN variable in the CI/CD variables had been prescribed. And this variable was taken as this token.

1 Like