Add missing environment variables to the SAST analyzer docker container
Summary
The SAST GitLab CI template doesn't pass all environment variables documented in the SAST orchestrator documentation to the SAST container.
Steps to reproduce
- Set MAVEN_CLI_OPTS to "-X" in a Maven project.
- Set up SAST as documented, with an include to the vendored template.
- Run the pipeline.
Example Project
https://gitlab.com/groulot/sast-test-maven/tree/MAVEN_CLI_OPTS_test
SAST job: https://gitlab.com/groulot/sast-test-maven/-/jobs/188788558
What is the current bug behavior?
MAVEN_CLI_OPTS is ignored. In this example Maven doesn't output debug information.
What is the expected correct behavior?
MAVEN_CLI_OPTS is honored. In this example Maven would output debug information.
Relevant logs and/or screenshots
Output of checks
This bug happens on GitLab.com
Possible fixes
Add relevant environment variables to the docker container command with --env arguments in the vendored YAML file.
Edited by Gilbert Roulot
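One way to apply the fix suggested under "Possible fixes", as an added example that is not part of the original issue or the GitLab template: forward an explicit allowlist of variables with `--env NAME`, so unrelated CI secrets are not copied into the analyzer container. Only MAVEN_CLI_OPTS comes from the issue; the other variable names, the function names and the `<sast-image>` placeholder are assumptions.

```shell
# Added example: allowlist of variables to forward to the analyzer container.
# Only MAVEN_CLI_OPTS is taken from the issue; the other names are hypothetical.
SAST_FORWARDED_VARS="MAVEN_CLI_OPTS EXAMPLE_BUILD_OPTS EXAMPLE_ANALYZER_LEVEL"

# Print "--env" and the variable name (one word per line) for every
# allowlisted variable that is set in the job environment.
# "docker run --env NAME" with no "=value" copies the value from the
# caller's environment, so values stay off the command line and out of
# the job log. The variable must be exported, as CI job variables are.
sast_env_args() {
  for name in $SAST_FORWARDED_VARS; do
    # Accept plain identifiers only before handing the name to eval.
    case "$name" in
      ''|[0-9]*|*[!A-Za-z0-9_]*) continue ;;
    esac
    # ${VAR+x} expands to "x" only when VAR is set, even if it is empty.
    if eval "[ -n \"\${$name+x}\" ]"; then
      printf '%s\n%s\n' "--env" "$name"
    fi
  done
}

# Print the docker command line for inspection. Arguments are the image
# and anything that follows it. The unquoted $(...) is split on purpose:
# it only ever contains "--env" and validated identifiers.
sast_docker_cmd() {
  printf '%s ' docker run $(sast_env_args) "$@"
}

# Example: sast_docker_cmd "<sast-image>"
```

A variable that is not in the allowlist is never forwarded, which makes the list the single place to review when the documented set of variables changes.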