Gitlab SAST失败，没有明显的原因

Question

我正在测试Gitlab自动提供的SAST功能。

我的项目(java、spring、maven)在本地用mvn干净包编译得很好。

我正在与一个托管的Gitlab和共享跑步者一起工作。

CI还没有实施。

我选择了生成的..gitlab ci.yml文件

stages:
- test
sast:
  stage: test
include:
- template: Security/SAST.gitlab-ci.yml

然后，这项工作失败了，并发出了如下消息：

$ /analyzer run
[INFO] [Find Security Bugs] [2021-11-01T16:27:54Z] ▶ GitLab Find Security Bugs analyzer v2.28.7
[INFO] [Find Security Bugs] [2021-11-01T16:27:54Z] ▶ Detecting project
[INFO] [Find Security Bugs] [2021-11-01T16:27:54Z] ▶ Found project in /builds/myrepo/myproject
[INFO] [Find Security Bugs] [2021-11-01T16:27:54Z] ▶ Running analyzer
[INFO] [Find Security Bugs] [2021-11-01T16:27:54Z] ▶ Found Mvnw project in /builds/myrepo/myproject directory
[INFO] [Find Security Bugs] [2021-11-01T16:27:54Z] ▶ Found 1 analyzable projects.
[INFO] [Find Security Bugs] [2021-11-01T16:27:54Z] ▶ Building Mvnw project at /builds/myrepo/myproject.
[ERRO] [Find Security Bugs] [2021-11-01T16:29:08Z] ▶ Project couldn't be built: exit status 1
[FATA] [Find Security Bugs] [2021-11-01T16:29:08Z] ▶ exit status 1

我怎么知道出了什么问题？

Answer 1

该错误位于容器的第二行到最后一行：

[ERRO] [Find Security Bugs] [2021-11-01T16:29:08Z] ▶ Project couldn't be built: exit status 1
[FATA] [Find Security Bugs] [2021-11-01T16:29:08Z] ▶ exit status 1

假设您的maven作业在本地构建良好，并且在不同的maven容器中构建良好，我建议您使用文档中定义的日志级别配置SAST作业的日志记录，并收集一些附加信息：https://docs.gitlab.com/ee/user/application_security/sast/#logging-level