GitLab Pipeline Artifacts/Reports
- [x] All tests passed. If this feature is not already covered by the tests, I added new tests.
- [x] This pull request is on the dev branch.
- [x] I used gofmt for formatting the code before submitting the pull request.
- [x] Update documentation about new features / new supported technologies
Summary:
I have addressed issue #723 by implementing a SARIF generation feature and converting the results into GitLab Code Quality and SAST reports using the sarif-converter in CI. This enhancement enables users to view the results of SCA scans directly within the GitLab pipeline execution, either in the pipeline logs or as job artifacts.
Details:
- Feature Addition: Implemented SARIF generation.
- Conversion: Converted SARIF results into GitLab Code Quality and SAST reports using sarif-converter.
- Documentation: Updated the documentation to include information about the new SARIF generation feature and its integration with GitLab pipelines.
Example of .gitlab-ci.yml:
```yaml
frogbot-scan:
  ...
  ...
  variables:
    ...
    ...
    JF_SARIF_OUTPUT_PATH: "/sarifOutputPath.sarif"
  script:
    ...
    ...
    - wget -O sarif-converter https://gitlab.com/ignis-build/sarif-converter/-/releases/permalink/latest/downloads/bin/sarif-converter-linux
    - chmod +x sarif-converter
    # Convert SARIF to GitLab SAST format
    - echo "Converting SARIF file to GitLab SAST format"
    - ./sarif-converter --type sast ${JF_SARIF_OUTPUT_PATH} gl-sast-report.json
  artifacts:
    reports:
      sast: gl-sast-report.json
```
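As an added illustration of what the conversion step in the job above does (this is not code from the pull request, from Frogbot, or from sarif-converter), the following Python maps SARIF results onto the GitLab Code Quality report schema, the simpler of the two report types mentioned in the summary; the SARIF sample and its rule ids are constructed, and the severity mapping is an assumption:

```python
# Added illustration of a SARIF -> GitLab Code Quality mapping; not the
# sarif-converter tool or Frogbot code. The SARIF sample below is constructed.
import hashlib
import json

# SARIF "level" values mapped onto GitLab Code Quality severities (assumed mapping).
SEVERITY = {"error": "critical", "warning": "major", "note": "minor", "none": "info"}


def sarif_to_code_quality(sarif: dict) -> list:
    """Flatten every result in every run into GitLab Code Quality findings."""
    findings = []
    for run in sarif.get("runs", []):
        for result in run.get("results", []):
            rule_id = result.get("ruleId", "unknown-rule")
            text = result.get("message", {}).get("text", "")
            # A result may carry no location (e.g. a project-wide SCA finding);
            # GitLab still requires a path, so fall back to the repository root.
            path, line = ".", 1
            for loc in result.get("locations", [])[:1]:
                phys = loc.get("physicalLocation", {})
                path = phys.get("artifactLocation", {}).get("uri", path)
                line = phys.get("region", {}).get("startLine", line)
            # The fingerprint must be stable and unique per finding; GitLab uses
            # it to de-duplicate findings across pipeline runs.
            key = f"{rule_id}:{path}:{line}:{text}".encode()
            findings.append({
                "description": text,
                "check_name": rule_id,
                "fingerprint": hashlib.sha256(key).hexdigest(),
                "severity": SEVERITY.get(result.get("level", "warning"), "major"),
                "location": {"path": path, "lines": {"begin": line}},
            })
    return findings


# Constructed SARIF document with one located and one unlocated result.
SAMPLE_SARIF = {"version": "2.1.0", "runs": [{
    "tool": {"driver": {"name": "example-sca"}},
    "results": [
        {"ruleId": "CVE-EXAMPLE-0001", "level": "error",
         "message": {"text": "vulnerable dependency example-lib 1.0.0"},
         "locations": [{"physicalLocation": {
             "artifactLocation": {"uri": "go.mod"}, "region": {"startLine": 7}}}]},
        {"ruleId": "LICENSE-EXAMPLE", "level": "warning",
         "message": {"text": "license violation in example-lib"}},
    ]}]}

if __name__ == "__main__":
    print(json.dumps(sarif_to_code_quality(SAMPLE_SARIF), indent=2))
```

Writing the output to gl-code-quality-report.json and declaring it under artifacts.reports.codequality makes the findings show up in the merge request widget the same way the SAST report above does.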
Thank you for the work you've put into this pull request. Your effort in addressing this specific issue is much appreciated. Could you please promote this PR? It's crucial for my organization, and getting it through to the next stage would be very beneficial.
Hi, just checking in to see if anyone has had a chance to review this PR. Please let me know if anything is needed from my side. Thanks!