mobsf-ios-sast couldn't get the correct report analysis

Summary

Steps to reproduce

  1. To reproduce:-
docker run --rm -it -v "$(pwd):/target" -e ANALYZER_TARGET_DIR=/target/  -e SEARCH_MAX_DEPTH=50    -e MOBSF_API_KEY=key -e SECURE_LOG_LEVEL="debug"  -e MOBSF_ADDR=http://localhost:8000/api/v1 registry.gitlab.com/security-products/mobsf:2
  1. Second way to reproduce via pipeline
mobsf-ios-sast:
   image: registry.gitlab.com/security-products/mobsf:latest
   services:
     - name: repo.saudidigitalbank.com/docker-hub/opensecurity/mobile-security-framework-mobsf:latest
       alias: mobfs
       command: ["/home/mobsf/Mobile-Security-Framework-MobSF/scripts/entrypoint.sh"]
  
   variables:
    MOBSF_ADDR: "http://mobfs:8000/api/v1" 
    MOBSF_API_KEY: "12345"
    SECURE_LOG_LEVEL: "debug"
    SEARCH_MAX_DEPTH: "10"
    SAST_ANALYZER_IMAGE_TAG: "latest"
   script:
     - sleep 10  && cd ./build && /analyzer run 
   artifacts:
    reports:
      sast: gl-sast-report.json

cat gl-sast-report.json

{"version":"14.0.4","vulnerabilities":[],"scan":{"scanner":{"id":"mobsf","name":"MobSF","url":"https://github.com/MobSF/Mobile-Security-Framework-MobSF","vendor":{"name":"GitLab"},"version":"3.5.0"},"type":"sast","start_time":"2023-03-27T09:37:31","end_time":"2023-03-27T09:39:07","status":"success"}}

P.S. When manually uploaded the build to mmobfs-server there are vulnerabilities

Tried to use mobfs-ios-sast in my gitlab-ultimate instance using

 include:
  - template: Security/SAST.gitlab-ci.yml
 variable:SAST_EXPERIMENTAL_FEATURES: "true"

What is the current bug behavior?

gl-sast-report.json showing NO vulnerabilities .

What is the expected correct behavior?

vulnerabilities should be listed in report .

Relevant logs and/or screenshots

'

docker run --rm -it -v "$(pwd):/target" -e ANALYZER_TARGET_DIR=/target/  -e SEARCH_MAX_DEPTH=50    -e MOBSF_API_KEY=key -e SECURE_LOG_LEVEL="debug"  -e MOBSF_ADDR=http://172.17.0.2:8000/api/v1 registry.gitlab.com/security-products/mobsf:2
WARNING: The requested image's platform (linux/amd64) does not match the detected host platform (linux/arm64/v8) and no specific platform was requested
[INFO] [MobSF] [2023-03-27T09:26:35Z] ▶ GitLab MobSF analyzer v2.15.1
[INFO] [MobSF] [2023-03-27T09:26:35Z] ▶ Detecting project
[INFO] [MobSF] [2023-03-27T09:26:35Z] ▶ Found relevant files in project, analyzing entire repository
[INFO] [MobSF] [2023-03-27T09:26:35Z] ▶ Running analyzer
[DEBU] [MobSF] [2023-03-27T09:26:35Z] ▶ Excluded directories: []
[DEBU] [MobSF] [2023-03-27T09:26:35Z] ▶ AnalysisType: packageFile
[DEBU] [MobSF] [2023-03-27T09:26:35Z] ▶ AnalysisType: packageFile
[INFO] [MobSF] [2023-03-27T09:26:35Z] ▶ Starting scan. Type: ipa, Upload Hash: 665546eab0c1e1eea743f787b8620999
[INFO] [MobSF] [2023-03-27T09:26:35Z] ▶ Creating report
[DEBU] [MobSF] [2023-03-27T09:26:35Z] ▶ custom rulesets not enabled
[DEBU] [MobSF] [2023-03-27T09:26:35Z] ▶ Applying report overrides
[DEBU] [MobSF] [2023-03-27T09:26:35Z] ▶ custom rulesets not enabled
[DEBU] [MobSF] [2023-03-27T09:26:35Z] ▶ Optimizing JSON Output

Output of checks

Results of GitLab environment info

Running on Gitlab ultimate 14.15

Edited by Kate Grechishkina