jonny64 edited this page Sep 21, 2024
# sarif2gl

sarif2gl is a tool that delivers SAST results to GitLab merge request discussions via the GitLab API.
Given SAST results spread over several SARIF files in a merge request pipeline environment:

- if any non-suppressed finding is present, it posts a discussion thread on the MR
- if such a thread already exists, it edits the thread's first note instead of opening a new one
- if all findings are cleared or suppressed, it resolves the thread
Node.js version 18 is required.

```sh
$ npm i -g sarif2gl
$ sarif2gl *.sarif
```
Setup: create an `sdl_bot` user and a personal access token for it (`SDL_BOT_TOKEN`, rights scope: `api`), then in the target project:

- define the `SDL_BOT_TOKEN` CI/CD variable (mark it masked so the token is not echoed into job logs: with the `api` scope it grants the bot's full API access to anyone who reads it)
- add `sdl_bot` to the project members as a Reporter (it only needs to comment on merge requests, not push code)
- add to `.gitlab-ci.yml`:
```yaml
stages:
  - build
  # ...

tool:
  # ...
  # use .pre stage to run before all stages
  stage: .pre
  script: ... -f sarif -o tool.sarif
  artifacts:
    paths:
      - ${CI_PROJECT_DIR}/*.sarif
    when: always

# ...build

sarif2gl:
  rules:
    - if: $CI_MERGE_REQUEST_IID
  interruptible: true
  variables:
    # the job only needs the SARIF artifacts from earlier stages, not a checkout
    GIT_STRATEGY: none
  # use .post stage to run after all stages
  stage: .post
  tags:
    - docker
  # node:18-alpine with sarif2gl.js
  image: sdl.registry.company.local/sarif2gl:1.0.0
  script:
    # nothing to report if no earlier stage produced a SARIF artifact
    - if [[ -z "$(ls -a ./*.sarif)" ]]; then exit 0; fi;
    - node sarif2gl.js *.sarif
```
Then:

- create an MR: `sdl_bot` posts a discussion thread if any non-suppressed warning is found in the input SARIF
- update the MR: `sdl_bot` edits the discussion thread's first note, or resolves the thread if no warnings are found
The following SARIF sections are parsed and merged across all input files into one discussion note:

- `runs[].results`
- `runs[].invocations[].toolExecutionNotifications`
The sarif2gl exit code is always zero, even when findings are posted; it is non-zero only if the discussion POST to the GitLab API fails. The job therefore never blocks the pipeline or the merge by itself: if findings must be dealt with before merging, gate on the unresolved thread (for example GitLab's "all threads must be resolved" merge check) rather than on the job status.
| to | run |
|---|---|
| run tests with coverage | `npm test` |
| make coverage report | `NODE_V8_COVERAGE=./coverage node --test --experimental-test-coverage`, then `npx -y c8 report --temp-directory ./coverage --reporter html` |
| see coverage report for master branch | https://jonny64.github.io/sarif2gl |