SAST bind mode is forcing the mount path
When I try to use the mount mode of SAST, I encounter the following issue:
When setting CI_PROJECT_DIR to the absolute path of the app on the host, the search doesn't find a compatible plugin:
docker run \
--interactive --tty --rm \
--volume "$PWD":/tmp/app \
--volume /var/run/docker.sock:/var/run/docker.sock \
--env CI_PROJECT_DIR="$PWD" \
registry.gitlab.com/gitlab-org/security-products/sast:10-8-stable /app/bin/run
2018/05/16 20:12:58 Mount project directory in containers
2018/05/16 20:12:58 [bandit] Detect project using plugin
2018/05/16 20:12:58 [bandit] Project not compatible
2018/05/16 20:12:58 [brakeman] Detect project using plugin
2018/05/16 20:12:58 [brakeman] Project not compatible
2018/05/16 20:12:58 [find-sec-bugs] Detect project using plugin
2018/05/16 20:12:58 [find-sec-bugs] Project not compatible
2018/05/16 20:12:58 [find-sec-bugs-gradle] Detect project using plugin
2018/05/16 20:12:58 [find-sec-bugs-gradle] Project not compatible
2018/05/16 20:12:58 [flawfinder] Detect project using plugin
2018/05/16 20:12:58 [flawfinder] Project not compatible
2018/05/16 20:12:58 [go-ast-scanner] Detect project using plugin
2018/05/16 20:12:58 [go-ast-scanner] Project not compatible
2018/05/16 20:12:58 [phpcs-security-audit] Detect project using plugin
2018/05/16 20:12:58 [phpcs-security-audit] Project not compatible
No compatible analyzer can be found
When setting CI_PROJECT_DIR to the path of the app in the container, the search finds a compatible plugin, but the mount fails as it expects a path from the host machine:
docker run \
--interactive --tty --rm \
--volume "$PWD":/tmp/app \
--volume /var/run/docker.sock:/var/run/docker.sock \
--env CI_PROJECT_DIR=/tmp/app \
registry.gitlab.com/gitlab-org/security-products/sast:10-8-stable /app/bin/run
2018/05/16 20:15:06 Mount project directory in containers
2018/05/16 20:15:06 [bandit] Detect project using plugin
2018/05/16 20:15:06 [bandit] Project is compatible
2018/05/16 20:15:06 [bandit] Starting analyzer...
10-8-stable: Pulling from gitlab-org/security-products/analyzers/bandit
Digest: sha256:f31b3eda51523941129de759dc9a79b225e67a21ca2bf61116a4795eaa606437
Status: Image is up to date for registry.gitlab.com/gitlab-org/security-products/analyzers/bandit:10-8-stable
2018/05/16 20:15:07 Error response from daemon: invalid mount config for type "bind": bind source path does not exist
The underlying reason is that using mount mode forces the user to use --volume $PWD:$PWD instead of --volume $PWD:/what/I/want.
TODO: update description with details in https://gitlab.com/gitlab-org/gitlab-ee/issues/6725#note_85875228.
Edited by Olivier Gonzalez
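
The constraint described in this issue, as an added example that is not part of the original issue or GitLab's own code: a preflight check that models the two failures shown above and passes only when the host path, the container path and CI_PROJECT_DIR are identical. The function name classify_mount and the sample paths are hypothetical, and the model is inferred from the two runs in the issue.

```shell
#!/bin/sh
# classify_mount HOST_DIR CONTAINER_DIR CI_PROJECT_DIR
#   HOST_DIR        left side of --volume (path on the Docker host)
#   CONTAINER_DIR   right side of --volume (path inside the SAST container)
#   CI_PROJECT_DIR  value passed with --env
# Prints "ok", "detect-fails", "bind-fails" or "not-absolute";
# returns 0 only for "ok".
classify_mount() {
    host_dir=$1
    container_dir=$2
    project_dir=$3

    # Bind sources must be absolute paths.
    case $project_dir in
        /*) ;;
        *) echo "not-absolute"; return 1 ;;
    esac

    # Plugin detection reads CI_PROJECT_DIR inside the SAST container, so it
    # must be the path where the project is mounted in that container.
    # Otherwise: "No compatible analyzer can be found".
    if [ "$project_dir" != "$container_dir" ]; then
        echo "detect-fails"
        return 1
    fi

    # The analyzer container is started through the host's docker.sock, so
    # the same value is used as a bind source resolved on the host.
    # Otherwise: "bind source path does not exist".
    if [ "$project_dir" != "$host_dir" ]; then
        echo "bind-fails"
        return 1
    fi

    echo "ok"
}

# Constructed sample: the two invocations from the issue, then the
# --volume $PWD:$PWD form (with /home/user/app standing in for $PWD).
for args in \
    "/home/user/app /tmp/app /home/user/app" \
    "/home/user/app /tmp/app /tmp/app" \
    "/home/user/app /home/user/app /home/user/app"
do
    # Word splitting is intended: the sample paths contain no spaces.
    # shellcheck disable=SC2086
    printf '%s -> %s\n' "$args" "$(classify_mount $args || :)"
done
```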