Loading templates/gitlab-ci-gradle.yml +26 −1 Original line number Diff line number Diff line Loading @@ -589,7 +589,32 @@ gradle-sonar: - >- $GRADLE_CLI_BIN ${TRACE+-Dsonar.verbose=true} $GRADLE_CLI_OPTS ${SONAR_QUALITY_GATE_ENABLED:+-Dsonar.qualitygate.wait=$SONAR_QUALITY_GATE_ENABLED} $SONAR_BASE_ARGS $SONAR_BASE_ARGS || exit_code=$? - | if [[ "$SONAR_QUALITY_GATE_ENABLED" == "true" ]] then log_info "Return a list of vulnerabilities according to the GitLab SAST JSON format, based on SonarQube issues for project \\e[33;1m${SONAR_PROJECT_KEY}\\e[0m..." mkdir -p ./reports sonar_api_params="projectKey=${SONAR_PROJECT_KEY}" if [ -z "${CI_MERGE_REQUEST_IID}" ]; then sonar_api_params="${sonar_api_params}&branch=${CI_COMMIT_BRANCH}" else sonar_api_params="${sonar_api_params}&pullRequest=${CI_MERGE_REQUEST_IID}" fi curl -u "${SONAR_TOKEN}:" "${SONAR_HOST_URL}/api/issues/gitlab_sast_export?${sonar_api_params}" -o ./reports/gradle-sonar.gitlab-sast.json #gitleaks:allow else log_info "SONAR_QUALITY_GATE_ENABLED is not set to true — skipping GitLab SAST export and report generation" fi exit $exit_code artifacts: name: "SonarQube analysis reports for Gradle from $CI_PROJECT_NAME on $CI_COMMIT_REF_SLUG" expire_in: 1 day when: always paths: - $GRADLE_PROJECT_DIR/reports/gradle-sonar.gitlab-sast.json reports: sast: - $GRADLE_PROJECT_DIR/reports/gradle-sonar.gitlab-sast.json rules: # exclude if $SONAR_HOST_URL not set - if: '$SONAR_HOST_URL == null || $SONAR_HOST_URL == ""' Loading Loading
templates/gitlab-ci-gradle.yml +26 −1 Original line number Diff line number Diff line Loading @@ -589,7 +589,32 @@ gradle-sonar: - >- $GRADLE_CLI_BIN ${TRACE+-Dsonar.verbose=true} $GRADLE_CLI_OPTS ${SONAR_QUALITY_GATE_ENABLED:+-Dsonar.qualitygate.wait=$SONAR_QUALITY_GATE_ENABLED} $SONAR_BASE_ARGS $SONAR_BASE_ARGS || exit_code=$? - | if [[ "$SONAR_QUALITY_GATE_ENABLED" == "true" ]] then log_info "Return a list of vulnerabilities according to the GitLab SAST JSON format, based on SonarQube issues for project \\e[33;1m${SONAR_PROJECT_KEY}\\e[0m..." mkdir -p ./reports sonar_api_params="projectKey=${SONAR_PROJECT_KEY}" if [ -z "${CI_MERGE_REQUEST_IID}" ]; then sonar_api_params="${sonar_api_params}&branch=${CI_COMMIT_BRANCH}" else sonar_api_params="${sonar_api_params}&pullRequest=${CI_MERGE_REQUEST_IID}" fi curl -u "${SONAR_TOKEN}:" "${SONAR_HOST_URL}/api/issues/gitlab_sast_export?${sonar_api_params}" -o ./reports/gradle-sonar.gitlab-sast.json #gitleaks:allow else log_info "SONAR_QUALITY_GATE_ENABLED is not set to true — skipping GitLab SAST export and report generation" fi exit $exit_code artifacts: name: "SonarQube analysis reports for Gradle from $CI_PROJECT_NAME on $CI_COMMIT_REF_SLUG" expire_in: 1 day when: always paths: - $GRADLE_PROJECT_DIR/reports/gradle-sonar.gitlab-sast.json reports: sast: - $GRADLE_PROJECT_DIR/reports/gradle-sonar.gitlab-sast.json rules: # exclude if $SONAR_HOST_URL not set - if: '$SONAR_HOST_URL == null || $SONAR_HOST_URL == ""' Loading
