
Support remote custom configuration

What does this MR do?

Refactors the code slightly to use instance objects of ruleset.Config instead of the paths and having to reload them.

This works with the command and ruleset modules changes to allow us to use the same ruleset without re-cloning it from the remote git repo or rereading from disk.

This change depends on changes to the ruleset and command modules too.

What are the relevant issue numbers?

425730

MRs this blocks

Testing

To test this, since it requires multiple modules, we need to do some tricksy work:

  1. Check out the 425730_eurie_remote_ruleset_not_applied_during_report_generation branch for kics
  2. Then create a modules folder in the cloned directory
  3. In the modules folder, clone the 425730_eurie_remote_ruleset_not_applied_during_report_generation branch for the command and ruleset modules.
  4. In the top-level kics directory we're going to start a go workspace:
    • go work init .
    • go work use modules/command modules/ruleset
  5. Clone the test project into qa/fixtures: git@gitlab.com:jfarmiloe/sast-remote-config-issue.git
  6. Make sure there's no cast-ruleset.toml in that project's .gitlab folder (there was when I cloned it)
  7. Now run analyzer-build
  8. Run analyzer-debug qa/fixtures/sast-remote-config-issue
  9. In the debug container, set the following environment variables
    • GITLAB_FEATURES=sast_custom_rulesets
    • SAST_RULESET_GIT_REFERENCE=gitlab.com/jfarmiloe/sast-remote-config-issue-rules
  10. Run the kics analyzer via: /analyzer run
  11. Verify that there are no results in the resulting /tmp/app/gl-sast-report.json file
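A small checker for the expected outcome of steps 6 and 11, added here as an example and not code from kics or the command/ruleset modules. It assumes the GitLab SAST report layout (a top-level `vulnerabilities` list with `identifiers` and `location` per finding) and runs against constructed fixtures rather than real analyzer output; listing the rule identifiers that fired is what you want when the remote ruleset is silently not applied.

```python
import json
import tempfile
from pathlib import Path

STRAY_RULESET = "cast-ruleset.toml"  # the stray file named in step 6


def stray_ruleset_present(project_dir):
    """Step 6: the fixture's .gitlab folder must not carry a local ruleset file."""
    return (Path(project_dir) / ".gitlab" / STRAY_RULESET).is_file()


def findings(report_path):
    """Step 11: (rule identifier, file:line) for each finding in gl-sast-report.json.
    Assumes the GitLab SAST report layout: a top-level "vulnerabilities" list."""
    with open(report_path, encoding="utf-8") as fh:
        report = json.load(fh)
    out = []
    for vuln in report.get("vulnerabilities", []):
        ids = ",".join(i.get("value", "?") for i in vuln.get("identifiers", []))
        loc = vuln.get("location", {})
        out.append((ids or vuln.get("name", "?"),
                    f"{loc.get('file', '?')}:{loc.get('start_line', '?')}"))
    return out


def check(project_dir, report_path):
    """Return a list of problems; empty means the remote ruleset was applied."""
    problems = []
    if stray_ruleset_present(project_dir):
        problems.append(f"local {STRAY_RULESET} still present in .gitlab/")
    for rule, where in findings(report_path):
        problems.append(f"unexpected finding {rule} at {where}")
    return problems


def demo():
    """Run check() against constructed fixtures (not real analyzer output)."""
    root = Path(tempfile.mkdtemp())
    (root / "bad" / ".gitlab").mkdir(parents=True)
    (root / "bad" / ".gitlab" / STRAY_RULESET).write_text("[kics]\n")  # constructed
    (root / "good" / ".gitlab").mkdir(parents=True)
    dirty = {"version": "15.0.0", "vulnerabilities": [{  # constructed sample finding
        "name": "Example", "identifiers": [{"type": "kics_id", "value": "constructed-0001"}],
        "location": {"file": "main.tf", "start_line": 3}}]}
    clean = {"version": "15.0.0", "vulnerabilities": []}
    (root / "dirty.json").write_text(json.dumps(dirty))
    (root / "clean.json").write_text(json.dumps(clean))
    return check(root / "bad", root / "dirty.json"), check(root / "good", root / "clean.json")
```

Point `check()` at `qa/fixtures/sast-remote-config-issue` and `/tmp/app/gl-sast-report.json` from the debug container to replace the manual inspection in step 11.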

Does this MR meet the acceptance criteria?

Edited by Lucas Charles
