SAST SpotBugs fails on Maven multi-module projects
Summary
When executing the SpotBugs SAST report (registry.gitlab.com/gitlab-org/security-products/analyzers/spotbugs) on a Maven multi-module project, the SAST analysis breaks because it does not find the m2 repo:
- parent
- child1
- child2
It searches for the Maven repo in parent/child1 instead of parent:

```
[INFO] [Find Security Bugs] [2021-06-30T00:22:32Z] ▶ GitLab Find Security Bugs analyzer v2.28.3
[INFO] [Find Security Bugs] [2021-06-30T00:22:32Z] ▶ Detecting project
...
[INFO] [Find Security Bugs] [2021-06-30T00:25:09Z] ▶ SpotBugs analysis succeeded for /builds/wac/core/components/core-parent!
[FATA] [Find Security Bugs] [2021-06-30T00:25:09Z] ▶ lstat /builds/xx/core/components/parent/child1/.m2/repository: no such file or directory
```
```yaml
include:
  - template: Security/SAST.gitlab-ci.yml

spotbugs-sast:
  needs: ["build"]
  allow_failure: true
  variables:
    SAST_JAVA_VERSION: 11
    MAVEN_REPO_PATH: .m2/repository
    COMPILE: "false"
```
Same problem if I set MAVEN_REPO_PATH to ./.m2/repository.
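To see before the SAST job runs whether a relative MAVEN_REPO_PATH can be found from each module, here is an added shell pre-flight check; it is not from the issue, the analyzer, or GitLab's templates. It assumes that the analyzer resolves a relative path against the module directory it is analysing (which is what the lstat error above suggests) and that an absolute path, for example anchored at CI_PROJECT_DIR, resolves identically from every module.

```shell
#!/bin/sh
# Added example (not the analyzer's code): for every <module> listed in the
# parent pom.xml, resolve MAVEN_REPO_PATH the way a tool running inside that
# module directory would, and report whether the directory exists.
# Returns 0 when the path resolves from every module, 1 otherwise.
check_repo_path_from_modules() {
  parent_dir="$1"   # directory holding the parent pom.xml
  repo_path="$2"    # value of MAVEN_REPO_PATH
  status=0
  # Extract <module>name</module> entries; no XML parser, so a flat
  # "one module per line" layout in pom.xml is assumed.
  for module in $(sed -n 's/.*<module>\([^<]*\)<\/module>.*/\1/p' "$parent_dir/pom.xml"); do
    case "$repo_path" in
      /*) resolved="$repo_path" ;;                       # absolute: same from any cwd
      *)  resolved="$parent_dir/$module/$repo_path" ;;  # relative: resolved in the module
    esac
    if [ -d "$resolved" ]; then
      echo "ok      $module -> $resolved"
    else
      echo "missing $module -> $resolved"
      status=1
    fi
  done
  return $status
}

# Constructed fixture mirroring the parent/child1/child2 layout from the report,
# with the repository cached under parent/.m2/repository (as in the job config).
make_fixture() {
  root=$(mktemp -d)
  mkdir -p "$root/parent/child1" "$root/parent/child2" "$root/parent/.m2/repository"
  cat > "$root/parent/pom.xml" <<'EOF'
<project>
  <modules>
    <module>child1</module>
    <module>child2</module>
  </modules>
</project>
EOF
  echo "$root/parent"
}

PARENT=$(make_fixture)
# Relative value from the issue: resolves to parent/child1/.m2/repository, which does not exist.
check_repo_path_from_modules "$PARENT" ".m2/repository" || echo "relative MAVEN_REPO_PATH fails from the modules"
# Absolute value anchored at the checkout (CI_PROJECT_DIR in a pipeline): resolves from every module.
check_repo_path_from_modules "$PARENT" "$PARENT/.m2/repository" && echo "absolute MAVEN_REPO_PATH resolves from every module"
```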
Steps to reproduce
- Create a Maven multi-module project
- Add a CI config with the SAST report and set MAVEN_REPO_PATH
What is the current bug behavior?
The report breaks.
What is the expected correct behavior?
The report is generated.