ShiftLeftSecurity / sast-scan

Scan is a free & Open Source DevSecOps tool for performing static analysis based security testing of your applications and its dependencies. CI and Git friendly.
https://discord.gg/DCNxzaeUpd
Apache License 2.0

Regression in .sastscanrc behavior for scan_type #326

Closed erichs closed 3 years ago

erichs commented 3 years ago

Versions 1.15.8 and previous support setting scan_type in a local .sastscanrc and Versions 2.0.0+ do not.

Given a local .sastscanrc (pulled from test/data/.sastscanrc):

{
    "build_break_rules": {
        "default": { "max_critical": 0, "max_high": 0, "max_medium": 0 }
    },
    "scan_tools_args_map": {
        "go": ["echo", "hello", "world"]
    },
    "scan_type": "credscan,java"
}

The following commands demonstrate the regression:

❯ docker run --rm -e SCAN_DEBUG_MODE=debug -e "WORKSPACE=${PWD}" -v ${PWD}:/app shiftleft/scan:v1.15.8 scan --mode ci --src /app 

███████╗ ██████╗ █████╗ ███╗   ██╗
██╔════╝██╔════╝██╔══██╗████╗  ██║
███████╗██║     ███████║██╔██╗ ██║
╚════██║██║     ██╔══██║██║╚██╗██║
███████║╚██████╗██║  ██║██║ ╚████║
╚══════╝ ╚═════╝╚═╝  ╚═╝╚═╝  ╚═══╝

[18:46:54] INFO     Scanning /app using plugins ['credscan', 'java'] 
...

^^^ Expected scan types seen

❯ docker run --rm -e SCAN_DEBUG_MODE=debug -e "WORKSPACE=${PWD}" -v ${PWD}:/app shiftleft/scan:v2.0.0 scan --mode ci --src /app 

███████╗ ██████╗ █████╗ ███╗   ██╗
██╔════╝██╔════╝██╔══██╗████╗  ██║
███████╗██║     ███████║██╔██╗ ██║
╚════██║██║     ██╔══██║██║╚██╗██║
███████║╚██████╗██║  ██║██║ ╚████║
╚══════╝ ╚═════╝╚═╝  ╚═╝╚═╝  ╚═══╝

[18:47:36] INFO     Scanning /app using plugins ['credscan', 'ts', 'nodejs', 'dockerfile', 'terraform', 'yaml', 'bash', 'depscan']          

^^^ auto-detected scan types, ignored scan_type setting of local config
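The behaviour the report expects, written out as a small added example (this is not sast-scan's own loader; the function names, the precedence order "CLI flag, then local .sastscanrc, then auto-detection", and the auto-detected list are assumptions for illustration). It parses the same .sastscanrc quoted above, resolves which plugins to run, and evaluates the build_break_rules the file also carries. The point from a defender's side: when an explicit scan_type is silently dropped, the scan surface widens to whatever auto-detection picks, so the repo owner no longer controls which scanners run and which findings gate the build.

```python
"""
Added example, not sast-scan's code: resolve scanner selection from a local
.sastscanrc, honouring an explicit "scan_type" over auto-detection, and apply
the build-break thresholds from the same file.
"""
import json
from typing import Dict, List, Optional

# Constructed sample: the .sastscanrc quoted in the issue (test/data/.sastscanrc).
SAMPLE_SASTSCANRC = """
{
    "build_break_rules": {
        "default": { "max_critical": 0, "max_high": 0, "max_medium": 0 }
    },
    "scan_tools_args_map": {
        "go": ["echo", "hello", "world"]
    },
    "scan_type": "credscan,java"
}
"""

# Constructed: the plugin list auto-detection produced in the v2.0.0 run above.
AUTO_DETECTED = ["credscan", "ts", "nodejs", "dockerfile", "terraform",
                 "yaml", "bash", "depscan"]


def load_config(text: str) -> dict:
    """Parse the JSON config; an empty file yields an empty config."""
    text = text.strip()
    return json.loads(text) if text else {}


def parse_scan_type(value) -> Optional[List[str]]:
    """Normalise "scan_type": accept a comma-separated string or a list,
    trim whitespace, drop empty entries, and return None when nothing is set."""
    if value is None:
        return None
    if isinstance(value, str):
        types = [t.strip() for t in value.split(",")]
    else:
        types = [str(t).strip() for t in value]
    types = [t for t in types if t]
    return types or None


def resolve_scan_types(config: dict, auto_detected: List[str],
                       cli_scan_type: Optional[str] = None) -> List[str]:
    """Assumed precedence: CLI flag > local .sastscanrc > auto-detection.
    Falling through to auto-detection while a scan_type is configured is the
    regression described in the issue."""
    explicit = parse_scan_type(cli_scan_type) or parse_scan_type(config.get("scan_type"))
    return explicit if explicit else list(auto_detected)


def build_breaks(config: dict, counts: Dict[str, int], tool: str = "default") -> bool:
    """True when finding counts exceed the thresholds in build_break_rules.
    A per-tool rule overrides "default"; severities without a max_* key are not gated."""
    rules = config.get("build_break_rules", {})
    rule = rules.get(tool, rules.get("default", {}))
    for sev in ("critical", "high", "medium", "low"):
        limit = rule.get(f"max_{sev}")
        if limit is not None and counts.get(sev, 0) > limit:
            return True
    return False


if __name__ == "__main__":
    cfg = load_config(SAMPLE_SASTSCANRC)
    print("plugins to run:", resolve_scan_types(cfg, AUTO_DETECTED))
    print("break build on one high finding:", build_breaks(cfg, {"high": 1}))
```

Running the module prints `['credscan', 'java']`, matching the v1.15.8 output; a loader that returned the eight auto-detected plugins for this config reproduces the v2.0.0 behaviour.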

erichs commented 3 years ago

Amazing! Ty, sir.