Loading templates/gitlab-ci-maven.yml +27 −3 Original line number Diff line number Diff line Loading @@ -762,12 +762,36 @@ mvn-sonar: ${SONAR_LOGIN:+-Dsonar.login=$SONAR_LOGIN} ${SONAR_PASSWORD:+-Dsonar.password=$SONAR_PASSWORD} ${SONAR_QUALITY_GATE_ENABLED:+-Dsonar.qualitygate.wait=$SONAR_QUALITY_GATE_ENABLED} $SONAR_BASE_ARGS $SONAR_BASE_ARGS || exit_code=$? - | if [[ "$SONAR_QUALITY_GATE_ENABLED" == "true" ]] then log_info "Return a list of vulnerabilities according to the GitLab SAST JSON format, based on SonarQube issues for project \\e[33;1m${SONAR_PROJECT_KEY}\\e[0m..." mkdir -p ./reports sonar_api_params="projectKey=${SONAR_PROJECT_KEY}" if [ -z "${CI_MERGE_REQUEST_IID}" ]; then sonar_api_params="${sonar_api_params}&branch=${CI_COMMIT_BRANCH}" else sonar_api_params="${sonar_api_params}&pullRequest=${CI_MERGE_REQUEST_IID}" fi curl -u "${SONAR_TOKEN}:" "${SONAR_HOST_URL}/api/issues/gitlab_sast_export?${sonar_api_params}" -o ./reports/mvn-sonar.gitlab-sast.json #gitleaks:allow else log_info "SONAR_QUALITY_GATE_ENABLED is not set to true — skipping GitLab SAST export and report generation" fi exit $exit_code rules: # exclude if $SONAR_URL and $SONAR_HOST_URL not set - if: '($SONAR_HOST_URL == null || $SONAR_HOST_URL == "") && ($SONAR_URL == null || $SONAR_URL == "")' when: never - !reference [.test-policy, rules] artifacts: name: "SonarQube analysis reports for Maven from $CI_PROJECT_NAME on $CI_COMMIT_REF_SLUG" expire_in: 1 day when: always reports: sast: "${MAVEN_PROJECT_DIR}/reports/mvn-sonar.gitlab-sast.json" paths: - "${MAVEN_PROJECT_DIR}/reports/mvn-sonar.gitlab-sast.json" mvn-dependency-check: extends: .mvn-base Loading Loading
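Review bot: The new export step in `mvn-sonar` concatenates `${CI_COMMIT_BRANCH}` and `${SONAR_PROJECT_KEY}` into the query string unencoded, so a branch name containing `&` or `#` changes which parameters SonarQube receives while the request is authenticated with `${SONAR_TOKEN}`. The same `curl` call has no `--fail`, so a 401 or 404 error body is written to `./reports/mvn-sonar.gitlab-sast.json` and then offered to GitLab as the SAST report. Passing the parameters with `--get --data-urlencode` and adding `--fail` covers both, as in the excerpt below. The job's `rules` also admit a configuration where only `$SONAR_URL` is set, in which case `${SONAR_HOST_URL}` may be empty here unless it is derived earlier in the script, which is outside this hunk.

```yaml
# … unchanged: mvn sonar invocation, quality-gate check, log_info, mkdir -p ./reports …
if [ -z "${CI_MERGE_REQUEST_IID}" ]; then
  sonar_ref_param="branch=${CI_COMMIT_BRANCH}"
else
  sonar_ref_param="pullRequest=${CI_MERGE_REQUEST_IID}"
fi
# --fail keeps an HTTP error body out of the report file;
# --data-urlencode stops a ref name from adding query parameters
curl --fail --silent --show-error --get -u "${SONAR_TOKEN}:" \
  --data-urlencode "projectKey=${SONAR_PROJECT_KEY}" \
  --data-urlencode "${sonar_ref_param}" \
  -o ./reports/mvn-sonar.gitlab-sast.json \
  "${SONAR_HOST_URL}/api/issues/gitlab_sast_export" #gitleaks:allow
# … unchanged: else branch, exit $exit_code …
```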
templates/gitlab-ci-maven.yml +27 −3 Original line number Diff line number Diff line Loading @@ -762,12 +762,36 @@ mvn-sonar: ${SONAR_LOGIN:+-Dsonar.login=$SONAR_LOGIN} ${SONAR_PASSWORD:+-Dsonar.password=$SONAR_PASSWORD} ${SONAR_QUALITY_GATE_ENABLED:+-Dsonar.qualitygate.wait=$SONAR_QUALITY_GATE_ENABLED} $SONAR_BASE_ARGS $SONAR_BASE_ARGS || exit_code=$? - | if [[ "$SONAR_QUALITY_GATE_ENABLED" == "true" ]] then log_info "Return a list of vulnerabilities according to the GitLab SAST JSON format, based on SonarQube issues for project \\e[33;1m${SONAR_PROJECT_KEY}\\e[0m..." mkdir -p ./reports sonar_api_params="projectKey=${SONAR_PROJECT_KEY}" if [ -z "${CI_MERGE_REQUEST_IID}" ]; then sonar_api_params="${sonar_api_params}&branch=${CI_COMMIT_BRANCH}" else sonar_api_params="${sonar_api_params}&pullRequest=${CI_MERGE_REQUEST_IID}" fi curl -u "${SONAR_TOKEN}:" "${SONAR_HOST_URL}/api/issues/gitlab_sast_export?${sonar_api_params}" -o ./reports/mvn-sonar.gitlab-sast.json #gitleaks:allow else log_info "SONAR_QUALITY_GATE_ENABLED is not set to true — skipping GitLab SAST export and report generation" fi exit $exit_code rules: # exclude if $SONAR_URL and $SONAR_HOST_URL not set - if: '($SONAR_HOST_URL == null || $SONAR_HOST_URL == "") && ($SONAR_URL == null || $SONAR_URL == "")' when: never - !reference [.test-policy, rules] artifacts: name: "SonarQube analysis reports for Maven from $CI_PROJECT_NAME on $CI_COMMIT_REF_SLUG" expire_in: 1 day when: always reports: sast: "${MAVEN_PROJECT_DIR}/reports/mvn-sonar.gitlab-sast.json" paths: - "${MAVEN_PROJECT_DIR}/reports/mvn-sonar.gitlab-sast.json" mvn-dependency-check: extends: .mvn-base Loading