SAST Nodejs scan fails on gitlab-org/gitlab when not using Docker-in-Docker
With the Move away from docker-in-docker for SAST , the nodejs-scan-sast job is failing and needs to be fixed.
I suspect this failure is related to the nodejs-scan analyzer will need to be updated.$CI_PRE_CLONE_SCRIPT
, and either that script will need to be adjusted, or
Recommendation for the next step would be to do one of the following:
- Add flag for disabling babel-preprocessing in nodejs-scan SAST analyzer
- Remove babel from nodejs-scan analyzer
Item 2. is the best long-term solution, but there are open technical questions on the best way to accomplish this. Item 1. is only a short-term solution, but can be executed now and is weighted at a 2
.
Snippet of failure:
Running before_script and script
00:03
Authenticating with credentials from job payload (GitLab Registry)
$ /analyzer run
Found project in /builds/gitlab-org/gitlab
30 rules loaded
{ Error: EACCES: permission denied, mkdir '/builds/gitlab-org/gitlab/app/assets/javascripts/GitLab-SAST-NodeJsScan-out'
at Object.fs.mkdirSync (fs.js:902:18)
at make (/home/node/node_modules/make-dir/index.js:107:15)
at module.exports.sync (/home/node/node_modules/make-dir/index.js:138:9)
at outputFileSync (/home/node/node_modules/@babel/cli/lib/babel/dir.js:71:23)
at /home/node/node_modules/@babel/cli/lib/babel/dir.js:115:11
at Generator.next (<anonymous>)
at asyncGeneratorStep (/home/node/node_modules/@babel/cli/lib/babel/dir.js:66:103)
at _next (/home/node/node_modules/@babel/cli/lib/babel/dir.js:68:194)
at <anonymous>
errno: -13,
code: 'EACCES',
syscall: 'mkdir',
path: '/builds/gitlab-org/gitlab/app/assets/javascripts/GitLab-SAST-NodeJsScan-out' }
exit status 1
Running after_script
Edited by rossfuhrman