SAST Analyzer error with .NET - Unable to build project using `dotnet`
Summary
Steps to reproduce
- Create a .csproj in GitLab
- Use the GitLab SAST template in the .gitlab-ci.yml and run it.
What is the current bug behavior?
This is the output of the security-code-scan:
[INFO] [security-code-scan] [2021-01-28T16:09:44Z] ▶ Found solution example/path
[INFO] [security-code-scan] [2021-01-28T16:09:44Z] ▶ Found solution example/path
[WARN] [security-code-scan] [2021-01-28T16:09:50Z] ▶ Unable to build project using `dotnet`, attempting to build using `nuget` and `msbuild`
[FATA] [security-code-scan] [2021-01-28T16:09:54Z] ▶ Unable to build project from solution file using `nuget and `msbuild`. Err: %!s(<nil>)
Uploading artifacts...
WARNING: gl-sast-report.json: no matching files
ERROR: No files to upload
ERROR: Job failed: exit code 1
What is the expected correct behavior?
The security-code-scan should be able to report the vulnerabilities found and upload them in the artifacts.
Relevant logs and/or screenshots
This is the current usage of the GitLab SAST template (only the .NET scanner):
security-code-scan-sast:
  extends: .sast-analyzer
  image:
    name: "$SAST_ANALYZER_IMAGE"
  variables:
    SAST_ANALYZER_IMAGE: "$SECURE_ANALYZERS_PREFIX/security-code-scan:$SAST_ANALYZER_IMAGE_TAG"
  rules:
    - if: $SAST_DISABLED
      when: never
    - if: $CI_COMMIT_BRANCH &&
          $SAST_DEFAULT_ANALYZERS =~ /security-code-scan/
      exists:
        - '**/*.csproj'
        - '**/*.vbproj'