Extract orchestrator, to be moved to the common library
What does this MR do?
It extracts the code that SAST will share with Dependency Scanning. It's essentially about spawning the analyzers and merging the artifacts they generate. SAST and DS will also share the command line interface.
It's currently based on !108 (merged) which to this day has not been merged into master.
Also, it uses io.Pipe when project files are copied to the container. This avoids running out of memory when dealing with big projects/repos and when bind mounting is not possible.
TODO
- Switch to tagged version of common after importing orchestrator
Why was this MR needed?
To reuse as much code as possible b/w SAST and DS, making both projects easier to maintain.
Does this MR meet the acceptance criteria?
- Changelog entry added, if necessary
- Documentation created/updated
- Tests added for this feature/bug
What are the relevant issue numbers?
Edited by Fabien Catteau
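The `io.Pipe` streaming mentioned in the description, as an added Go example that is not code from this merge request: a goroutine writes the project tree as a tar stream into the pipe while the receiver reads it entry by entry, so the archive is never held in memory as a whole. The names `streamTar`, `receive` and `sample` are hypothetical, `receive` stands in for whichever API accepts the archive on the container side, and `AddFS` requires Go 1.22 or later.

```go
package main

import (
	"archive/tar"
	"fmt"
	"io"
	"io/fs"
	"testing/fstest"
)

// streamTar archives fsys into an io.Pipe. Every write blocks until the
// reader has consumed it, so the archive is never buffered in full.
func streamTar(fsys fs.FS) io.ReadCloser {
	pr, pw := io.Pipe()
	go func() {
		tw := tar.NewWriter(pw)
		err := tw.AddFS(fsys) // Go 1.22+; walks fsys and copies file by file
		if err == nil {
			err = tw.Close() // writes the tar trailer
		}
		pw.CloseWithError(err) // nil: reader sees io.EOF; else it sees err
	}()
	return pr
}

// receive is a hypothetical stand-in for the API that uploads the archive to
// the container. It reads entry by entry and returns the regular file names.
func receive(r io.Reader) ([]string, error) {
	var names []string
	tr := tar.NewReader(r)
	for {
		h, err := tr.Next()
		if err == io.EOF {
			return names, nil
		}
		if err != nil {
			return names, err
		}
		if h.Typeflag == tar.TypeReg { // skip directory entries
			names = append(names, h.Name)
		}
	}
}

// sample is a constructed project tree used as input.
var sample = fstest.MapFS{
	"main.go":     {Data: []byte("package main\n")},
	"lib/util.go": {Data: []byte("package lib\n")},
}

func main() { fmt.Println(receive(streamTar(sample))) }
```

A receiver that stops before the end of the stream should close the returned reader, otherwise the writing goroutine stays blocked on the pipe.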