Add support for specifying project file in SAST dotnet security-code-scan
Problem to solve
Our security-code-scan analyzer for dotnet currently searches for and uses the first project file it locates. This does not work for users with multiple vbproj files within a single GitLab project.
Sasha, Software Developer, https://design.gitlab.com/research/personas#persona-sasha
Sam, Security Analyst, https://design.gitlab.com/research/personas#persona-sam
A) Add a flag/ENV to explicitly pass the project name to the analyzer.
B) Update analyzer to locate solution (*.sln), supporting multi-project GitLab projects.
(A) should be a quick change but I'm unsure about the feasibility of (B) with our current tooling.
What does success look like, and how can we measure that?
Allow dotnet security scans to run against specified project file instead of first-found.
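A sketch of how options (A) and (B) could combine, added here as an example and not the analyzer's own code. The `SAST_DOTNET_PROJECT_FILE` variable name and the `SelectTarget` helper are hypothetical; the explicit path is checked lexically so a CI variable cannot point the scanner outside the repository checkout.

```go
package main

import (
	"errors"
	"fmt"
	"io/fs"
	"os"
	"path/filepath"
	"strings"
)

// SelectTarget returns the repo-relative file to scan. explicit is the value of a
// hypothetical SAST_DOTNET_PROJECT_FILE variable (option A); empty means auto-detect.
func SelectTarget(root, explicit string) (string, error) {
	if explicit != "" {
		rel, err := filepath.Rel(root, filepath.Join(root, explicit))
		if err != nil || rel == ".." || strings.HasPrefix(rel, ".."+string(filepath.Separator)) {
			return "", errors.New("project file must stay inside the repository")
		}
		if info, err := os.Stat(filepath.Join(root, rel)); err != nil || info.IsDir() {
			return "", fmt.Errorf("project file %q not found", explicit)
		}
		return rel, nil
	}
	found := map[string]string{} // first match per extension, in WalkDir's lexical order
	err := filepath.WalkDir(root, func(p string, d fs.DirEntry, err error) error {
		if err != nil || d.IsDir() {
			return err
		}
		ext := strings.ToLower(filepath.Ext(p))
		if _, seen := found[ext]; !seen {
			found[ext], _ = filepath.Rel(root, p)
		}
		return nil
	})
	if err != nil {
		return "", err
	}
	// Option B: prefer a solution, then fall back to the first project file.
	for _, ext := range []string{".sln", ".csproj", ".vbproj"} {
		if rel, ok := found[ext]; ok {
			return rel, nil
		}
	}
	return "", errors.New("no solution or project file found")
}

func main() {
	fmt.Println(SelectTarget(".", os.Getenv("SAST_DOTNET_PROJECT_FILE")))
}
```

Failing the job when the explicit file is missing, rather than silently falling back to auto-detection, keeps a typo in the variable from producing a scan of the wrong project.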