Findings job
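# Shell helpers shared between jobs through a YAML anchor. The anchor is
# declared before the job that aliases it: YAML only resolves an alias to an
# anchor that appears earlier in the same document.
.notes_helpers: &notes_helpers |
  # --------------------------------
  # add a note to the merge request
  # --------------------------------
  # $1: text of the note (markdown).
  # Reads CI_MERGE_REQUEST_PROJECT_ID, CI_MERGE_REQUEST_IID, CI_API_V4_URL
  # and BOT_TOKEN from the job environment.
  # NOTE(review): BOT_TOKEN is presumably a masked CI/CD variable; confirm,
  # give it the narrowest scope that can still post notes, and keep shell
  # tracing (set -x) off in this job so the header is never echoed to the log.
  add_note_to_merge_request() {
    note_content=$1
    # Despite its name, MR_ID holds the ID of the project that owns the MR.
    MR_ID=${CI_MERGE_REQUEST_PROJECT_ID}
    MR_IID=${CI_MERGE_REQUEST_IID}
    # --data-urlencode: the report quotes scanned code, so its content is
    # controlled by the merge request author. Sent raw with -d, any '&', '=',
    # '+' or '%' in it would truncate the note or be parsed by the API as
    # additional form parameters.
    # --fail: a rejected request (expired token, 4xx/5xx) fails the job
    # instead of passing silently without a note.
    # CI_API_V4_URL is the API root of the instance running the pipeline, so
    # the token is only ever sent to that instance.
    curl --fail --silent --show-error \
      --request POST \
      --header "PRIVATE-TOKEN: ${BOT_TOKEN}" \
      --data-urlencode "body=${note_content}" \
      "${CI_API_V4_URL}/projects/${MR_ID}/merge_requests/${MR_IID}/notes"
  }

# Renders the Semgrep SAST report as markdown and posts it as a note on the
# merge request. Runs only in merge request pipelines.
display-findings:
  # NOTE(review): Node.js 16 is end-of-life; consider a maintained release,
  # ideally pinned by digest so the job image cannot change underneath you.
  image: node:16-alpine
  stage: test
  # `needs` also downloads the artifacts of semgrep-sast, presumably including
  # semgrep.gl-sast-report.json read by display-findings.js (confirm).
  needs: [semgrep-sast]
  tags: [saas-linux-small-amd64]
  rules:
    # - if: $CI_COMMIT_BRANCH == "main"
    - if: $CI_MERGE_REQUEST_IID
  artifacts:
    paths:
      - semgrep.gl-sast-report.json
      - vulnerability-report.md
  before_script:
    # --no-cache: fetch a fresh package index and leave none behind.
    - apk add --no-cache curl
    # Defines add_note_to_merge_request in the job shell.
    - *notes_helpers
  script: |
    node display-findings.js > vulnerability-report.md
    report="$(cat vulnerability-report.md)"
    add_note_to_merge_request "${report}"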