SAST for dotNet (Windows)

I can use GitLab to build and test my dotNet application now, and I want to try SAST.
The document said it needs docker or K8S and it doesn’t support Windows container.
(Static Application Security Testing (SAST) | GitLab)

But, can I build dotNet application on Linux docker?

If you want to build something which targets .NET Core 2.1 or 3.x or something of the newer .NET 5 / .NET 6 it can be built within Linux.
Everything from .NET Framework (4.x) is not natively buildable under Linux (maybe with Mono).

However, I unfortunately don’t know how the SAST is working in detail. But as .NET Core and .NET Framework are listed as supported, I think they somehow managed to get the scanning to work inside a Linux container.

Thanks, I try to find some examples, but most are how to deploy to docker, not use a docker to build dotNet, do you know a sample project?

Btw, I download GirLab runner docker from Docker Hub, but it doesn’t have a ‘analyzer’ program. (Because I try to run SAST in a VM and it try to run ‘analyzer’)

I use docker to build and SAST for dotnet core 3.1, it’s similiar to do it with VM.
There are 2 differences:

  1. When resister GitLab Runner, need to choose ‘docker’ as the executor.
  2. Add the following script in .gitlab-ci.yml
- template: Security/SAST.gitlab-ci.yml

    - docker