
feat(report): added Gitlab SAST report #3432

Merged: 10 commits merged from feature/gitlab-report into master on May 27, 2021

Conversation

felipe-avelar (Contributor)

Closes #1986

Proposed Changes

  • Added a new report format glsast, which will generate a file to be used with GitLab SAST integration

I submit this contribution under the Apache-2.0 license.

@felipe-avelar felipe-avelar added feature New feature go Pull requests that update Go code labels May 25, 2021
@felipe-avelar felipe-avelar added this to the Reporting milestone May 25, 2021
@felipe-avelar felipe-avelar self-assigned this May 25, 2021
@kicsbot (Contributor)

kicsbot commented May 25, 2021

Scan submitted to Checkmarx

@kicsbot (Contributor)

kicsbot commented May 25, 2021

Checkmarx SAST - Scan Summary & Details

Cx-SAST Summary: total of 0 vulnerabilities (High 0, Medium 0, Low 0, Info 0)

Violation Summary: no policy violation found

Signed-off-by: Felipe Avelar <[email protected]>
Signed-off-by: Felipe Avelar <[email protected]>
@felipe-avelar felipe-avelar marked this pull request as draft May 26, 2021 15:32
@felipe-avelar felipe-avelar marked this pull request as ready for review May 26, 2021 16:38
Signed-off-by: Felipe Avelar <[email protected]>
@joaoReigota1 (Collaborator) left a comment

LGTM

@rogeriopeixotocx (Contributor) left a comment

LGTM

@rogeriopeixotocx rogeriopeixotocx merged commit 8155c82 into master May 27, 2021
@rogeriopeixotocx rogeriopeixotocx deleted the feature/gitlab-report branch May 27, 2021 08:49
@theoretick (Contributor)

theoretick commented May 27, 2021

Hi all, Gitlabber here! This is really exciting to see shipped!

Apologies for missing this earlier, but we just noticed a couple of minor issues here I wanted to follow up on:

  1. Our category field is actually an enum of the report type. This is used internally for grouping the reports correctly and should be sast here. I realize this was an issue with our schema and not well documented. Sorry about that! We just opened https://gitlab.com/gitlab-org/gitlab/-/issues/332054 to track this one.
  2. Our severity field is also an enum and should be camelcase; i.e. High not high.

We are also working on deploying a more accessible schema validator to make these integrations more straightforward. It didn't pick up on the first issue but the second is validated correctly. You can currently find it at https://gitlab-org-security-products-secure-schema-validator.34.127.22.151.sslip.io/ until we spin up a more permanent domain.

I opened a follow-up PR here to address these two items: #3460.
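The two schema points raised in the comment above (the `category` field is the report-type enum and must be `sast`; `severity` is an enum of capitalised values such as `High`) are the kind of thing a report writer gets wrong silently, because the file is still well-formed JSON. Below is an added example, not the KICS project's own glsast implementation, of a small Go report builder that maps lower-case scanner severities onto the GitLab enum and refuses to emit a report that fails either check. The JSON field names follow the GitLab SAST report schema as I understand it (version, vulnerabilities with id/category/name/severity/scanner/location/identifiers); the `Finding` type, the `kics_query_id` identifier type, the query ids and file names in `main`, and the version string `3.0.0` are assumptions or constructed sample data, not values taken from KICS or GitLab.

```go
package main

import (
	"crypto/sha256"
	"encoding/hex"
	"encoding/json"
	"fmt"
	"strings"
)

// Finding is a minimal stand-in for one KICS result (hypothetical, not KICS's own type).
type Finding struct {
	QueryID, QueryName, Severity, File string // Severity is KICS-style lower case, e.g. "high"
	Line                               int
}

// Field names follow the GitLab SAST report JSON schema as I understand it; check the published schema.
type Scanner struct {
	ID   string `json:"id"`
	Name string `json:"name"`
}
type Location struct {
	File      string `json:"file"`
	StartLine int    `json:"start_line"`
	EndLine   int    `json:"end_line"`
}
type Identifier struct {
	Type  string `json:"type"`
	Name  string `json:"name"`
	Value string `json:"value"`
}
type Vulnerability struct {
	ID          string       `json:"id"`
	Category    string       `json:"category"` // report-type enum: must be "sast"
	Name        string       `json:"name"`
	Severity    string       `json:"severity"` // enum: Info, Unknown, Low, Medium, High, Critical
	Scanner     Scanner      `json:"scanner"`
	Location    Location     `json:"location"`
	Identifiers []Identifier `json:"identifiers"`
}
type Report struct {
	Version         string          `json:"version"`
	Vulnerabilities []Vulnerability `json:"vulnerabilities"`
}

// gitlabSeverity maps lower-case scanner severities onto the capitalised GitLab enum.
var gitlabSeverity = map[string]string{"info": "Info", "unknown": "Unknown", "low": "Low", "medium": "Medium", "high": "High", "critical": "Critical"}

// MapSeverity turns "high" into "High" and rejects anything outside the enum, so a scanner typo fails the build.
func MapSeverity(s string) (string, error) {
	if v, ok := gitlabSeverity[strings.ToLower(s)]; ok {
		return v, nil
	}
	return "", fmt.Errorf("severity %q is not in the GitLab enum", s)
}

// ValidateReport enforces the two schema points from the thread (category "sast", capitalised severity) and a present id.
func ValidateReport(r Report) error {
	for i, v := range r.Vulnerabilities {
		switch {
		case v.Category != "sast":
			return fmt.Errorf("vulnerability %d: category %q, want \"sast\"", i, v.Category)
		case v.Severity == "" || gitlabSeverity[strings.ToLower(v.Severity)] != v.Severity:
			return fmt.Errorf("vulnerability %d: severity %q is not a GitLab enum value", i, v.Severity)
		case v.ID == "":
			return fmt.Errorf("vulnerability %d: missing id", i)
		}
	}
	return nil
}

// BuildReport converts findings into a validated report; the id is a stable hash of
// query, file and line so GitLab can match the same finding across pipelines.
func BuildReport(findings []Finding) (Report, error) {
	r := Report{Version: "3.0.0", Vulnerabilities: []Vulnerability{}} // version string is an assumption
	for _, f := range findings {
		sev, err := MapSeverity(f.Severity)
		if err != nil {
			return Report{}, err
		}
		sum := sha256.Sum256([]byte(f.QueryID + "|" + f.File + "|" + fmt.Sprint(f.Line)))
		r.Vulnerabilities = append(r.Vulnerabilities, Vulnerability{
			ID: hex.EncodeToString(sum[:]), Category: "sast", Name: f.QueryName, Severity: sev,
			Scanner:     Scanner{ID: "kics", Name: "KICS"},
			Location:    Location{File: f.File, StartLine: f.Line, EndLine: f.Line},
			Identifiers: []Identifier{{Type: "kics_query_id", Name: f.QueryName, Value: f.QueryID}},
		})
	}
	return r, ValidateReport(r)
}

func main() {
	// Constructed input, not real scan output.
	r, err := BuildReport([]Finding{
		{QueryID: "q-1", QueryName: "S3 bucket ACL is public", Severity: "high", File: "main.tf", Line: 12},
		{QueryID: "q-2", QueryName: "Container runs as root", Severity: "medium", File: "Dockerfile", Line: 3},
	})
	if err != nil {
		panic(err)
	}
	out, _ := json.MarshalIndent(r, "", "  ")
	fmt.Println(string(out))
}
```

The validation step is deliberately separate from the mapping: the mapping fixes the case, while `ValidateReport` runs over the finished struct so that any later code path that sets `Category` or `Severity` directly is still caught before the file is handed to the CI job as an artifact.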

Labels: feature (New feature), go (Pull requests that update Go code)
Projects: None yet
Development: Successfully merging this pull request may close these issues: GitLab SAST Reports Integration
5 participants