feat: sonar sast report (6234c3e8) · Commits · to be continuous... / Gradle

templates/gitlab-ci-gradle.yml

+26 −1

Original line number	Diff line number	Diff line
		@@ -589,7 +589,32 @@ gradle-sonar:
		- >-
		$GRADLE_CLI_BIN ${TRACE+-Dsonar.verbose=true} $GRADLE_CLI_OPTS
		${SONAR_QUALITY_GATE_ENABLED:+-Dsonar.qualitygate.wait=$SONAR_QUALITY_GATE_ENABLED}
		$SONAR_BASE_ARGS
		$SONAR_BASE_ARGS \|\| exit_code=$?
		- \|
		if [[ "$SONAR_QUALITY_GATE_ENABLED" == "true" ]]
		then
		log_info "Return a list of vulnerabilities according to the GitLab SAST JSON format, based on SonarQube issues for project \\e[33;1m${SONAR_PROJECT_KEY}\\e[0m..."
		mkdir -p ./reports
		sonar_api_params="projectKey=${SONAR_PROJECT_KEY}"
		if [ -z "${CI_MERGE_REQUEST_IID}" ]; then
		sonar_api_params="${sonar_api_params}&branch=${CI_COMMIT_BRANCH}"
		else
		sonar_api_params="${sonar_api_params}&pullRequest=${CI_MERGE_REQUEST_IID}"
		fi
		curl -u "${SONAR_TOKEN}:" "${SONAR_HOST_URL}/api/issues/gitlab_sast_export?${sonar_api_params}" -o ./reports/gradle-sonar.gitlab-sast.json #gitleaks:allow
		else
		log_info "SONAR_QUALITY_GATE_ENABLED is not set to true — skipping GitLab SAST export and report generation"
		fi
		exit $exit_code
		artifacts:
		name: "SonarQube analysis reports for Gradle from $CI_PROJECT_NAME on $CI_COMMIT_REF_SLUG"
		expire_in: 1 day
		when: always
		paths:
		- $GRADLE_PROJECT_DIR/reports/gradle-sonar.gitlab-sast.json
		reports:
		sast:
		- $GRADLE_PROJECT_DIR/reports/gradle-sonar.gitlab-sast.json
		rules:
		# exclude if $SONAR_HOST_URL not set
		- if: '$SONAR_HOST_URL == null \|\| $SONAR_HOST_URL == ""'