4

I’d like to use the artifacts created by the Security/SAST.gitlab-ci.yml template in my final pipeline stage (reporting).

How can I modify the Security/SAST.gitlab-ci.yml template to store the artifacts somewhere in my project dir? I tried to define the following for this template, but this is not working:

artifacts:
  paths:
    - binaries/

I’d be happy for every kind of support.

Thank you

pygeek
pinas

1 Answer

1

Solution

Your parameters need to be updated. Since SAST.gitlab-ci.yml cannot be updated directly, you need to either override one of the blocks from your gitlab-ci.yml which includes the file, or define and include your custom SAST.gitlab-ci.yml. It seems like you can get away with simply overriding the sast block. Specifically, override the artifacts -> reports -> sast parameter.

Example

sast:
  stage: test
  artifacts:
    reports:
      sast: gl-sast-report.json

You also need to ensure the stages and build step are something resembling:

stages:
  - build
  - test

include:
  - template: Security/SAST.gitlab-ci.yml

build:
  stage: build
  script:
    - ...
  artifacts:
    paths:
      - binaries/

References

GitLab SAST: https://docs.gitlab.com/ee/user/application_security/sast/

pygeek
  • Thank you - this sounds interesting. Is there any chance to do this just for one project - I don't have admin access to this gitlab instance. – pinas Oct 09 '20 at 20:06
  • @pinas how can you make any changes to SAST.gitlab-ci.yml or gitlab-ci.yml without admin access? It seems like you have some sort of admin access based on what you say you attempted in your question. – pygeek Oct 09 '20 at 21:14
  • Hmm not sure what you mean sorry - I'm not very experienced with gitlab. So I have a project in gitlab which I have control of (so I can commit gitlab-ci.yml) but SAST.gitlab-ci.yml is afaik not part of my project but stored somewhere in git where I do not have access to. Am I wrong? – pinas Oct 09 '20 at 21:37
  • 1
    @pinas no worries. The SAST.gitlab-ci.yml doesn’t need to be updated, this is a default gitlab template. All you are doing is overriding the sast part of the template when you define the sast block in your gitlab-ci.yml. You may understand better if you read through the SAST.gitlab-ci.yml that’s being included here: https://gitlab.com/gitlab-org/gitlab/blob/master/lib/gitlab/ci/templates/Security/SAST.gitlab-ci.yml. Again, you’re only making changes to gitlab-ci.yml – pygeek Oct 09 '20 at 21:45
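
An added example (not part of the original answer or of GitLab's template) of the override discussed above, extended so that a job in a later stage can read the report. It assumes the analyzer jobs in the included template inherit their settings from the sast block; the reporting stage, the sast_summary job and its script are hypothetical names chosen for illustration.

```yaml
# .gitlab-ci.yml in your own project; the included template itself is not edited.
stages:
  - build
  - test
  - reporting                      # hypothetical final stage from the question

include:
  - template: Security/SAST.gitlab-ci.yml

build:
  stage: build
  script:
    - ...
  artifacts:
    paths:
      - binaries/

# Keys defined here are merged over the template's sast definition.
sast:
  stage: test
  artifacts:
    reports:
      sast: gl-sast-report.json    # keeps the file registered as the SAST report
    paths:
      - gl-sast-report.json        # also stores it as a regular job artifact
    expire_in: 1 week              # constructed value; pick your own retention

# Hypothetical consumer job. By default a job downloads the artifacts
# of the jobs in earlier stages into its working directory.
sast_summary:
  stage: reporting
  script:
    - test -s gl-sast-report.json  # fail early if the report did not arrive
    - cp gl-sast-report.json sast-report-for-review.json
  artifacts:
    paths:
      - sast-report-for-review.json
```

If several analyzer jobs run, each writes a file named gl-sast-report.json, so the copies overwrite one another when a later job downloads them into the same directory.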