Loading templates/gitlab-ci-sonar.yml +26 −2 Original line number Diff line number Diff line Loading @@ -467,7 +467,31 @@ sonar: ${SONAR_PROJECT_KEY:+-Dsonar.projectKey=$SONAR_PROJECT_KEY} ${SONAR_PROJECT_NAME:+-Dsonar.projectName=$SONAR_PROJECT_NAME} ${SONAR_QUALITY_GATE_ENABLED:+-Dsonar.qualitygate.wait=$SONAR_QUALITY_GATE_ENABLED} $SONAR_BASE_ARGS $SONAR_BASE_ARGS || exit_code=$? - | if [[ "$SONAR_QUALITY_GATE_ENABLED" == "true" ]] then log_info "Return a list of vulnerabilities according to the GitLab SAST JSON format, based on SonarQube issues for project \\e[33;1m${SONAR_PROJECT_KEY}\\e[0m..." mkdir -p ./reports sonar_api_params="projectKey=${SONAR_PROJECT_KEY}" if [ -z "${CI_MERGE_REQUEST_IID}" ]; then sonar_api_params="${sonar_api_params}&branch=${CI_COMMIT_BRANCH}" else sonar_api_params="${sonar_api_params}&pullRequest=${CI_MERGE_REQUEST_IID}" fi curl -u "${SONAR_TOKEN}:" "${SONAR_HOST_URL}/api/issues/gitlab_sast_export?${sonar_api_params}" -o ./reports/sonar.gitlab-sast.json #gitleaks:allow else log_info "SONAR_QUALITY_GATE_ENABLED is not set to true — skipping GitLab SAST export and report generation" fi exit $exit_code rules: - !reference [.test-policy, rules] artifacts: name: "SonarQube analysis reports for Sonar from $CI_PROJECT_NAME on $CI_COMMIT_REF_SLUG" expire_in: 1 day when: always reports: sast: "reports/sonar.gitlab-sast.json" paths: - "reports/sonar.gitlab-sast.json" No newline at end of file Loading
templates/gitlab-ci-sonar.yml +26 −2 Original line number Diff line number Diff line Loading @@ -467,7 +467,31 @@ sonar: ${SONAR_PROJECT_KEY:+-Dsonar.projectKey=$SONAR_PROJECT_KEY} ${SONAR_PROJECT_NAME:+-Dsonar.projectName=$SONAR_PROJECT_NAME} ${SONAR_QUALITY_GATE_ENABLED:+-Dsonar.qualitygate.wait=$SONAR_QUALITY_GATE_ENABLED} $SONAR_BASE_ARGS $SONAR_BASE_ARGS || exit_code=$? - | if [[ "$SONAR_QUALITY_GATE_ENABLED" == "true" ]] then log_info "Return a list of vulnerabilities according to the GitLab SAST JSON format, based on SonarQube issues for project \\e[33;1m${SONAR_PROJECT_KEY}\\e[0m..." mkdir -p ./reports sonar_api_params="projectKey=${SONAR_PROJECT_KEY}" if [ -z "${CI_MERGE_REQUEST_IID}" ]; then sonar_api_params="${sonar_api_params}&branch=${CI_COMMIT_BRANCH}" else sonar_api_params="${sonar_api_params}&pullRequest=${CI_MERGE_REQUEST_IID}" fi curl -u "${SONAR_TOKEN}:" "${SONAR_HOST_URL}/api/issues/gitlab_sast_export?${sonar_api_params}" -o ./reports/sonar.gitlab-sast.json #gitleaks:allow else log_info "SONAR_QUALITY_GATE_ENABLED is not set to true — skipping GitLab SAST export and report generation" fi exit $exit_code rules: - !reference [.test-policy, rules] artifacts: name: "SonarQube analysis reports for Sonar from $CI_PROJECT_NAME on $CI_COMMIT_REF_SLUG" expire_in: 1 day when: always reports: sast: "reports/sonar.gitlab-sast.json" paths: - "reports/sonar.gitlab-sast.json" No newline at end of file
