We’re running gitlab 13.0 ultimate self hosted. We didn’t do any sast before (there are no earlier sast-ci configs).
The sast jobs run but:
- we expect the reports to be uploaded and be available as a downloadable artifact
- what we see is that the jobs fail because ‘there is no file to upload’.
We didn’t do anything else than just following the guide https://docs.gitlab.com/ee/user/application_security/sast/. We added:
include:
- template: SAST.gitlab-ci.yml
to our .gitlab-ci.yml and we added the template to the project.
Here is the log job’s console (similar for both the jobs secret-sast and spotbugs-sast):
Running with gitlab-runner 13.0.0 (c127439c)
on Ada-Lovelance vyVhpUXz
Preparing the "docker" executor 00:23
Preparing environment 00:01
Getting source from Git repository 00:01
Fetching changes with git depth set to 50...
Initialized empty Git repository in /.../.git/
Created fresh repository.
From ...
* [new ref] refs/pipelines/66968 -> refs/pipelines/66968
* [new branch] master -> origin/master
Checking out f4922553 as master...
Skipping Git submodules setup
Restoring cache 00:02
Downloading artifacts 00:02
Downloading artifacts for build-jar (190250)...
Downloading artifacts from coordinator... ok id=190250 responseStatus=200 OK token=4ba3cKKg
Running before_script and script 00:01
$ chmod +x gradlew
ln: .m2: No such file or directory
$ ln -s "$MAVEN_LOCAL" ".m2"
Running after_script 00:01
Uploading artifacts for failed job 00:02
Uploading artifacts...
WARNING: gl-sast-report.json: no matching files
ERROR: No files to upload
ERROR: Job failed: exit code 1