Gitlab SAST 失败,原因不明
Gitlab SAST failed with no visible reason
我正在测试 Gitlab 自动提供的 SAST 功能。
我的项目(java、spring boot、maven)在本地使用 mvn clean package 编译得很好。
我正在使用托管的 Gitlab 和共享的运行器。
CI 尚未实施。
我选择了生成的.gitlab-ci.yml文件
stages:
- test
sast:
stage: test
include:
- template: Security/SAST.gitlab-ci.yml
然后,作业失败并显示如下消息:
$ /analyzer run
[INFO] [Find Security Bugs] [2021-11-01T16:27:54Z] ▶ GitLab Find Security Bugs analyzer v2.28.7
[INFO] [Find Security Bugs] [2021-11-01T16:27:54Z] ▶ Detecting project
[INFO] [Find Security Bugs] [2021-11-01T16:27:54Z] ▶ Found project in /builds/myrepo/myproject
[INFO] [Find Security Bugs] [2021-11-01T16:27:54Z] ▶ Running analyzer
[INFO] [Find Security Bugs] [2021-11-01T16:27:54Z] ▶ Found Mvnw project in /builds/myrepo/myproject directory
[INFO] [Find Security Bugs] [2021-11-01T16:27:54Z] ▶ Found 1 analyzable projects.
[INFO] [Find Security Bugs] [2021-11-01T16:27:54Z] ▶ Building Mvnw project at /builds/myrepo/myproject.
[ERRO] [Find Security Bugs] [2021-11-01T16:29:08Z] ▶ Project couldn't be built: exit status 1
[FATA] [Find Security Bugs] [2021-11-01T16:29:08Z] ▶ exit status 1
我怎么知道出了什么问题?
错误在容器的倒数第二行:
[ERRO] [Find Security Bugs] [2021-11-01T16:29:08Z] ▶ Project couldn't be built: exit status 1
[FATA] [Find Security Bugs] [2021-11-01T16:29:08Z] ▶ exit status 1
假设您的 Maven 作业在本地构建良好,并且在不同的 Maven 容器中构建良好,我建议您使用文档中定义的日志记录级别配置 SAST 作业的日志记录,并收集一些附加信息:https://docs.gitlab.com/ee/user/application_security/sast/#logging-level
我正在测试 Gitlab 自动提供的 SAST 功能。
我的项目(java、spring boot、maven)在本地使用 mvn clean package 编译得很好。
我正在使用托管的 Gitlab 和共享的运行器。
CI 尚未实施。
我选择了生成的.gitlab-ci.yml文件
stages:
- test
sast:
stage: test
include:
- template: Security/SAST.gitlab-ci.yml
然后,作业失败并显示如下消息:
$ /analyzer run
[INFO] [Find Security Bugs] [2021-11-01T16:27:54Z] ▶ GitLab Find Security Bugs analyzer v2.28.7
[INFO] [Find Security Bugs] [2021-11-01T16:27:54Z] ▶ Detecting project
[INFO] [Find Security Bugs] [2021-11-01T16:27:54Z] ▶ Found project in /builds/myrepo/myproject
[INFO] [Find Security Bugs] [2021-11-01T16:27:54Z] ▶ Running analyzer
[INFO] [Find Security Bugs] [2021-11-01T16:27:54Z] ▶ Found Mvnw project in /builds/myrepo/myproject directory
[INFO] [Find Security Bugs] [2021-11-01T16:27:54Z] ▶ Found 1 analyzable projects.
[INFO] [Find Security Bugs] [2021-11-01T16:27:54Z] ▶ Building Mvnw project at /builds/myrepo/myproject.
[ERRO] [Find Security Bugs] [2021-11-01T16:29:08Z] ▶ Project couldn't be built: exit status 1
[FATA] [Find Security Bugs] [2021-11-01T16:29:08Z] ▶ exit status 1
我怎么知道出了什么问题?
错误在容器的倒数第二行:
[ERRO] [Find Security Bugs] [2021-11-01T16:29:08Z] ▶ Project couldn't be built: exit status 1
[FATA] [Find Security Bugs] [2021-11-01T16:29:08Z] ▶ exit status 1
假设您的 Maven 作业在本地构建良好,并且在不同的 Maven 容器中构建良好,我建议您使用文档中定义的日志记录级别配置 SAST 作业的日志记录,并收集一些附加信息:https://docs.gitlab.com/ee/user/application_security/sast/#logging-level