Hello!
I am trying to manually enable SAST within a .gitlab-ci.yml that has quite a bit of stuff already in it (stages, before_script, etc.). I keep getting job failures for SAST because packer isn't present in the image it pulls (I guess from the before_script; still learning what someone else constructed). Can someone just explain to me how this works and/or how I can rectify this?
include:
  - local: gitlabci/validation/stuff1.yml
  - local: gitlabci/infrastructure/stuff2.yml
  - local: gitlabci/stuff.balh.yml
  - template: Security/SAST.gitlab-ci.yml

sast:
  stage: app security test
  allow_failure: true
  artifacts:
    name: sast
    paths:
      - gl-sast-report.json

stages:
  - blah
  - app security test
  - blah

before_script:
  - lots of stuff
  - set -eo pipefail
  - packer --version
Pipeline logs (slightly redacted):
Executing "step_script" stage of the job script
Using docker image sha256:218aa01ce977381ad45570bc801bd9cc18bfb0d70208eac5b67db55fd3044e56 for registry.gitlab.com/gitlab-org/security-products/analyzers/semgrep:2 with digest registry.gitlab.com/gitlab-org/security-products/analyzers/semgrep@sha256:7b7889a0ef09e0e9868f48117a9a325f848253f2d3b961eebbec3e1239c482f8 ...
$ export AWS_ACCESS_KEY_ID=$AWS_ACCESS_KEY_ID
$ export AWS_SECRET_ACCESS_KEY=$AWS_SECRET_ACCESS_KEY
$ export AWS_DEFAULT_REGION=$AWS_REGION
$ export AWS_REGION=$AWS_REGION
$ export PLUGIN_ACCESS_KEY_ID=$PLUGIN_ACCESS_KEY_ID
$ export PLUGIN_SECRET_ACCESS_KEY=$PLUGIN_SECRET_ACCESS_KEY
$ export GITLAB_TOKEN=$GITLAB_TOKEN
$ TF_VAR_stuff=${TF_VAR_stuff:0:$stuff_TRUNCATE}
$ TF_VAR_something=$(echo $TF_VAR_something | sed 's/-$//')
$ set -eo pipefail
$ packer --version
/bin/sh: eval: line 235: packer: not found
Uploading artifacts for failed job
Uploading artifacts...
WARNING: gl-sast-report.json: no matching files
ERROR: No files to upload
Cleaning up project directory and file based variables
ERROR: Job failed: exit code 127
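What the log shows is a top-level `before_script` being inherited by the template's `semgrep-sast` job, which runs in the analyzer image (`registry.gitlab.com/.../analyzers/semgrep:2`) rather than in the project's own image, so `packer` is not on the PATH there and the job dies with exit code 127 before `/analyzer run` ever executes. The fix is to stop the global `before_script` from applying to the SAST jobs. Below is an added example, not part of the original post and not the poster's actual configuration: it assumes the stage name and include paths from the post (`stuff1.yml` is kept; the other includes and the placeholder `blah` stages and "lots of stuff" steps are omitted because they are elided in the post). The analyzer jobs in `Security/SAST.gitlab-ci.yml` reach the `sast` job through `extends`, so a `before_script: []` placed on `sast` is inherited by all of them and replaces the global one for those jobs only.

```yaml
include:
  - local: gitlabci/validation/stuff1.yml
  - template: Security/SAST.gitlab-ci.yml

stages:
  - app security test

# A top-level before_script (or default: before_script) is inherited by every
# job that does not define its own, including the template's semgrep-sast job.
# Keeping it under default: makes that inheritance explicit.
default:
  before_script:
    - set -eo pipefail
    - packer --version

# The template's analyzer jobs (semgrep-sast, kics-iac-sast, ...) use
# `extends: sast`, so keys set here propagate to them. An empty before_script
# overrides the default for the SAST jobs only; every other job still runs it.
sast:
  stage: app security test
  allow_failure: true
  before_script: []
  artifacts:
    name: sast
    paths:
      - gl-sast-report.json
```

Two things worth checking after applying this: `gl-sast-report.json` is already declared by the template as `artifacts.reports.sast`, and GitLab deep-merges the job definitions, so listing it again under `paths` only makes the raw JSON downloadable in addition to feeding the Security tab; and the `sast` job itself carries `rules: - when: never` in the template, so it is a configuration-only base job and the jobs that actually appear in the pipeline are the analyzer jobs that extend it. If the global `before_script` also exports credentials (as the `AWS_*` and `GITLAB_TOKEN` lines in the log do), removing it from the analyzer jobs is also the right thing from a least-privilege standpoint: the semgrep analyzer needs none of them, and an analyzer image should not run with cloud secrets in its environment.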