Sobelow support for nested Elixir projects (!107378) · Merge requests · GitLab.org / GitLab

rossfuhrman requested to merge rf-fix-sobelow-sast-rules into master Dec 19, 2022

What does this MR do and why?

Describe in detail what your merge request does and why.

Nested mix.exs files are not being detected, so nested Elixir projects are not causing sobelow scans to kick off.

I set up an Elixir project to demonstrate the problem and that this MR works.

Here's a pipeline with the project not being detected, so sobelow does not run: https://gitlab.com/rossfuhrman/phoenix-nest/-/pipelines/727155484

And here I overrode the rules with the deep search from this MR and sobelow is running: https://gitlab.com/rossfuhrman/phoenix-nest/-/pipelines/727156447

MR acceptance checklist

This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.

I have evaluated the MR acceptance checklist for this MR.

Edited Dec 29, 2022 by Lucas Charles

Sobelow support for nested Elixir projects

What does this MR do and why?

MR acceptance checklist

Merge request reports