sast job reports an error
The job is marked allowed to fail, and is failing on every pipeline. I think we should fix or remove it.
Example failure: https://gitlab.com/gitlab-org/gitlab-shell/-/jobs/76131233
Running with gitlab-runner 10.8.0-rc3 (5470b911)
on docker-auto-scale 4e4528ca
Using Docker executor with image docker:stable ...
Starting service docker:stable-dind ...
Pulling docker image docker:stable-dind ...
Using docker image sha256:824b0ae8cb2720f6720011514c89e50c51164a55bc1ae7455957f8c9ba68e782 for docker:stable-dind ...
Waiting for services to be up and running...
Pulling docker image docker:stable ...
Using docker image sha256:c51a2cac7341fe55d38feb70157eb12d56b2039977d4175229432de09bd18896 for docker:stable ...
Running on runner-4e4528ca-project-14022-concurrent-0 via runner-4e4528ca-srm-1529486336-f958cacd...
Cloning repository...
Cloning into '/builds/gitlab-org/gitlab-shell'...
Checking out 9a21ee91 as go-ci-version...
Skipping Git submodules setup
$ export SP_VERSION=$(echo "$CI_SERVER_VERSION" | sed 's/^\([0-9]*\)\.\([0-9]*\).*/\1-\2-stable/')
$ docker run --env SAST_CONFIDENCE_LEVEL="${SAST_CONFIDENCE_LEVEL:-3}" --volume "$PWD:/code" --volume /var/run/docker.sock:/var/run/docker.sock "registry.gitlab.com/gitlab-org/security-products/sast:$SP_VERSION" /app/bin/run /code
Unable to find image 'registry.gitlab.com/gitlab-org/security-products/sast:11-0-stable' locally
11-0-stable: Pulling from gitlab-org/security-products/sast
34455e2f5555: Pulling fs layer
34455e2f5555: Download complete
34455e2f5555: Pull complete
Digest: sha256:9cb1f21d82425eeff488c453cde2376fa81a115d45349fef73fc56fcddfe818a
Status: Downloaded newer image for registry.gitlab.com/gitlab-org/security-products/sast:11-0-stable
2018/06/20 09:21:05 Copy project directory to containers
2018/06/20 09:21:05 [bandit] Detect project using plugin
2018/06/20 09:21:05 [bandit] Project not compatible
2018/06/20 09:21:05 [brakeman] Detect project using plugin
2018/06/20 09:21:05 [brakeman] Project not compatible
2018/06/20 09:21:05 [find-sec-bugs] Detect project using plugin
2018/06/20 09:21:05 [find-sec-bugs] Project not compatible
2018/06/20 09:21:05 [find-sec-bugs-gradle] Detect project using plugin
2018/06/20 09:21:05 [find-sec-bugs-gradle] Project not compatible
2018/06/20 09:21:05 [find-sec-bugs-sbt] Detect project using plugin
2018/06/20 09:21:05 [find-sec-bugs-sbt] Project not compatible
2018/06/20 09:21:05 [flawfinder] Detect project using plugin
2018/06/20 09:21:05 [flawfinder] Project not compatible
2018/06/20 09:21:05 [go-ast-scanner] Detect project using plugin
2018/06/20 09:21:05 [go-ast-scanner] Project not compatible
2018/06/20 09:21:05 [phpcs-security-audit] Detect project using plugin
2018/06/20 09:21:05 [phpcs-security-audit] Project not compatible
2018/06/20 09:21:05 [security-code-scan] Detect project using plugin
2018/06/20 09:21:05 [security-code-scan] Project not compatible
No compatible analyzer can be found
ERROR: Job failed: exit code 3It's a ruby+go project. Surely it's compatible?