SAST for dotNet (Windows)

I can use GitLab to build and test my dotNet application now, and I want to try SAST.
The documentation said it needs Docker or K8S and it doesn’t support Windows containers.
(Static Application Security Testing (SAST) | GitLab)

But can I build a dotNet application on Linux Docker?

If you want to build something which targets .NET Core 2.1 or 3.x or one of the newer .NET 5 / .NET 6 versions, it can be built on Linux.
Everything from .NET Framework (4.x) is not natively buildable under Linux (maybe with Mono).

However, I unfortunately don’t know how SAST works in detail. But as .NET Core and .NET Framework are listed as supported, I think they somehow managed to get the scanning to work inside a Linux container.

Thanks, I tried to find some examples, but most are about how to deploy to Docker, not how to use Docker to build dotNet. Do you know a sample project?

Btw, I downloaded the GitLab runner docker from Docker Hub, but it doesn’t have an ‘analyzer’ program. (Because I tried to run SAST in a VM and it tried to run ‘analyzer’.)

I use Docker to build and run SAST for dotnet core 3.1; it’s similar to doing it with a VM.
There are 2 differences:

  1. When registering GitLab Runner, you need to choose ‘docker’ as the executor.
  2. Add the following script in .gitlab-ci.yml:

```yaml
include:
  - template: Security/SAST.gitlab-ci.yml

sast:
  tags:
    - docker
```
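
A fuller `.gitlab-ci.yml` for the setup discussed in this thread, added here as an example and not taken from any poster's project: it builds a .NET Core 3.1 solution in a Linux container and runs the SAST template on the same Docker-executor runner. The image tag `mcr.microsoft.com/dotnet/sdk:3.1`, the stage layout and the excluded paths are assumptions; the `docker` runner tag is the one used in the post above.

```yaml
# Added example. Image tag, stages and excluded paths are assumptions,
# not values from the thread.
include:
  - template: Security/SAST.gitlab-ci.yml

stages:
  - build
  - test        # the SAST template's jobs run in the "test" stage

variables:
  # Keep build output and test folders out of the scan.
  SAST_EXCLUDED_PATHS: "bin, obj, spec, test, tests, tmp"

build:
  stage: build
  image: mcr.microsoft.com/dotnet/sdk:3.1   # Linux SDK image (assumed tag)
  tags:
    - docker                                # runner registered with the docker executor
  script:
    - dotnet restore
    - dotnet build --configuration Release --no-restore
    - dotnet test --configuration Release --no-build

# The template's analyzer jobs extend `sast`, so tags set here send them
# to the Linux Docker runner, where the analyzer images can be pulled.
sast:
  tags:
    - docker
```

The analyzer program is part of the analyzer images that the template's jobs pull, which is why the jobs need a runner with the Docker executor.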