ShiftLeftSecurity / sast-scan

Scan is a free & Open Source DevSecOps tool for performing static analysis based security testing of your applications and their dependencies. CI and Git friendly.
https://discord.gg/DCNxzaeUpd
Apache License 2.0

.sastscanrc file is not read from the current directory when invoking from within the docker #339

Open prabhu opened 3 years ago

prabhu commented 3 years ago

https://github.com/ShiftLeftSecurity/sast-scan/blob/master/lib/config.py#L1594

It is possibly expecting SAST_SCAN_SRC_DIR to be set, which could default to "."

prabhu commented 3 years ago

I think we should revisit this style of overriding config and see if there is a better approach out there.
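
The diagnosis in the first comment, as an added sketch that is not part of the thread and not the project's own code: a lookup that skips `.sastscanrc` entirely when `SAST_SCAN_SRC_DIR` is unset, next to one that falls back to the working directory. The function names, the sample key and the assumption that the rc file holds a JSON object are hypothetical.

```python
import json
import os
import tempfile

RC_NAME = ".sastscanrc"
SRC_DIR_ENV = "SAST_SCAN_SRC_DIR"


def find_rc_strict(env):
    """Behaviour the issue suspects: without the env var, no lookup happens."""
    src_dir = env.get(SRC_DIR_ENV)
    if not src_dir:
        return None
    path = os.path.join(src_dir, RC_NAME)
    return path if os.path.isfile(path) else None


def find_rc_with_default(env, cwd=None):
    """Suggested behaviour: an unset env var falls back to "." (the cwd)."""
    src_dir = env.get(SRC_DIR_ENV) or cwd or os.getcwd()
    path = os.path.join(os.path.abspath(src_dir), RC_NAME)
    return path if os.path.isfile(path) else None


def load_overrides(path):
    """Parse the rc file (assumed JSON object); a missing file means no overrides."""
    if path is None:
        return {}
    with open(path, encoding="utf-8") as fh:
        data = json.load(fh)
    if not isinstance(data, dict):
        raise ValueError(f"{path}: expected a JSON object")
    return data


def demo():
    """Constructed scenario: rc file in the working directory, env var unset."""
    with tempfile.TemporaryDirectory() as workdir:
        with open(os.path.join(workdir, RC_NAME), "w", encoding="utf-8") as fh:
            json.dump({"example_key": "example_value"}, fh)  # constructed content
        env = {}  # SAST_SCAN_SRC_DIR is not set, as in the reported case
        strict = load_overrides(find_rc_strict(env))
        fixed = load_overrides(find_rc_with_default(env, cwd=workdir))
        explicit = load_overrides(find_rc_strict({SRC_DIR_ENV: workdir}))
    return strict, fixed, explicit


if __name__ == "__main__":
    print(demo())
```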