MobSF Analyzer failing to work on Gitlab-ci
I'm trying to set up MobSF SAST within Gitlab-ci and having a few issues.
I've followed the instructions within the Gitlab Docs and within the MobSF Gitlab repo
However, when I add:
To my .gitlab-ci.yml . I get a yml error stating that it could not get access
My .gitlab-ci.yml file looks like:
sast:
stage: Security
tags:
- docker
include:
- project: 'gitlab-org/security-products/analyzers/mobsf'
ref: master
file: '/template/mobsf.gitlab-ci.yml'
I have a docker image on my machine with gitlab-runners as an image. Does anyone have any thoughts about how to implement this so that i can run automated MobSF SAST on both Android and iOS?
Solution
So after working through this, It seems that you must have the following included in yoru gitlab-ci.yml file:
variables:
#required for Mobile SAST
SAST_EXPERIMENTAL_FEATURES: "true"
include:
- template: Security/SAST.gitlab-ci.yml
sast:
image: docker:19.03.8
stage: Security
variables:
SEARCH_MAX_DEPTH: 4
artifacts:
reports:
sast: gl-sast-report.json
tags:
- docker
- Nuxt 3 on Gitlab Pages
- Gitlab: remote: Your SSH key has expired
- How can I embed a snippet code at my Linkedin article?
- Why can't I go to sign in page to Gitlab.com from Browser?
- fatal: unable to access schannel: SEC_E_UNTRUSTED_ROOT (0x80090325) - The certificate chain was issued by an authority that is not trusted
- How can I merge a branch without closing the issue in Gitlab?
- GitLab CI Docker login fails due to incorrect DNS
- How to remove yourself from issue participants in GitLab?
- Fingerprint has already been taken gitlab
- How to reset git authentication?
- Clone sub-modules (present on other Git server) on Gitlab CI
- Flutter android pipeline Docker cirrusci/flutter:stable image was not found
- Read and write file in gitlab CI
- Why does Eclipse show "Push HEAD" button after I did "Commit and Push" (to small Gitlab)
- When pushing for the first time to Gitlab get ! [remote rejected] development -> development (pre-receive hook declined)
- Can't push to GitLab, remote end hung up unexpectedly
- Run another GitLab repo's CI to validate a merge request
- Making API call from a Pipeline job in Gitlab?
- Strategies for spotting changes inside moved or renamed files in git
- ssh: Could not resolve hostname git: Name or service not known fatal: Could not read from remote repository
- GitLab CI/CD: Run jobs only when files in a specific directory have changed
- Gitlab with non-standard SSH port (on VM with Iptable forwarding)
- testdriven.io flask-tdd-docker course chapter 15 pipeline stage test ERROR: Job failed: exit code 1
- use image from gitlab Registry in CI
- Docker Gitlab change forgotten root password
- How to sync gitlab with github
- Getting 'could not read Username' error in GitLab pipeline when cloning a submodule
- Property to prevent gitlab from protecting default branches
- How to trigger a Gitlab pipeline job based on when a certain branch name is merged into main
- Cloud Build private DNS GCP