SAST Analyser fails to run when disabling DIND mode with SAST_DISABLE_DIND

Summary

Disabling DIND mode in the SAST analyser config causes the following error:

open rules.xml: no such file or directory

Only tested in the context of a JavaScript project with nodejs-scan-sast.

Steps to reproduce

Configure the SAST environment variable by disabling DIND mode in .gitlab-ci.yml:

include:
  - template: SAST.gitlab-ci.yml
sast:
  variables:
    SAST_DISABLE_DIND: "true"

Example Project

https://gitlab.com/implicity-healthcare/oss/sast-plain-js

What is the current bug behavior?

The job fails to run and triggers the following error: open rules.xml: no such file or directory

Relevant logs and/or screenshots

Running with gitlab-runner 12.3.0 (a8a019e0)
  on docker-auto-scale fa6cab46
Using Docker executor with image registry.gitlab.com/gitlab-org/security-products/analyzers/nodejs-scan:2 ...
Authenticating with credentials from job payload (GitLab Registry)
Pulling docker image registry.gitlab.com/gitlab-org/security-products/analyzers/nodejs-scan:2 ...
Using docker image sha256:e221e3aa5b906a4b5aa41a98e43d1eebd6d12c83ed5573a5c214454c1c63ef0d for registry.gitlab.com/gitlab-org/security-products/analyzers/nodejs-scan:2 ...
Running on runner-fa6cab46-project-15167656-concurrent-0 via runner-fa6cab46-srm-1572880617-567c487e...
Fetching changes with git depth set to 50...
Initialized empty Git repository in /builds/implicity-healthcare/samples/sast-plain-js/.git/
Created fresh repository.
From https://gitlab.com/implicity-healthcare/samples/sast-plain-js
 * [new ref]         refs/pipelines/93532430 -> refs/pipelines/93532430
 * [new branch]      sast-dind-disabled      -> origin/sast-dind-disabled
Checking out 2e8db1e2 as sast-dind-disabled...

Skipping Git submodules setup
Authenticating with credentials from job payload (GitLab Registry)
$ /analyzer run
Found project in /builds/implicity-healthcare/samples/sast-plain-js
2019/11/04 15:18:23 open rules.xml: no such file or directory
Uploading artifacts...
WARNING: gl-sast-report.json: no matching files    
ERROR: No files to upload                          
ERROR: Job failed: exit code 1

Output of checks

This bug happens on GitLab.com