Dependency Scanning analyzers reporting "X is a directory" error in output log
Summary
The job output of any Dependency Scanning analyzer has an ERROR log line stating that the project directory path is a directory and indicating that this is an error (e.g. https://gitlab.com/gitlab-org/gitlab/-/jobs/943650355#L45).
Steps to reproduce
- use a project which will trigger DS scanning (e.g. one that uses a supported language/framework)
- enable DS
- trigger pipeline
- open DS job output
Example Project
https://gitlab.com/gitlab-org/security-products/tests/java-maven (see job output for master: https://gitlab.com/gitlab-org/security-products/tests/java-maven/-/jobs/947430563#L653)
What is the current bug behavior?
Error line printed in job output.
What is the expected correct behavior?
No error should appear.
Relevant logs and/or screenshots
Error line printed in job output.
Possible fixes
This error appears because the rulesets functionality from the common module is triggered. This is a SAST feature and shouldn't be triggered for DS.
Fixes:
- detect when scanning analyzer is SAST vs DS
- add a config variable to each analyzer to indicate whether rulesets are enabled/disabled
Edited by Igor Frenkel