ShiftLeftSecurity / sast-scan

Scan is a free & Open Source DevSecOps tool for performing static analysis based security testing of your applications and its dependencies. CI and Git friendly.
https://discord.gg/DCNxzaeUpd
Apache License 2.0

scan does not create a comment in the merge request. #357

Open avnsiva opened 2 years ago

avnsiva commented 2 years ago

When trying to run a scan with the shift left test, it's not updating the merge request in gitlab.com and self-hosted GitLab CE edition.

The YAML used is:

```yaml
variables:
  GITHUB_TOKEN: $GITHUB_TOKEN
  GITLAB_TOKEN: $GITLAB_TOKEN
  SCAN_ANNOTATE_PR: "true"

scan:
  stage: test
  image:
    name: quay.io/shiftleft/scan-oss:latest
  script:
```

The results look like:

```
[15:13:28] INFO Baseline file written to /builds/siva.ah/spring-boot-rest-example/reports/.sastscan.baseline
Security Scan Summary
╔════════════════════════╤══════════╤══════╤════════╤═════╤════════╗
║ Tool                   │ Critical │ High │ Medium │ Low │ Status ║
╟────────────────────────┼──────────┼──────┼────────┼─────┼────────╢
║ Dependency Scan (java) │ 30       │ 50   │ 24     │ 7   │ ❌     ║
╚════════════════════════╧══════════╧══════╧════════╧═════╧════════╝
Uploading artifacts for failed job
Uploading artifacts...
/builds/siva.ah/spring-boot-rest-example/reports/: found 7 matching files and directories
Uploading artifacts as "archive" to coordinator... ok  id=1958602230 responseStatus=201 Created token=gVeUsj1y
Cleaning up project directory and file based variables 00:01
ERROR: Job failed: exit code 1
```

avnsiva commented 2 years ago

Am I getting something wrong here?

prabhu commented 2 years ago

@avnsiva Is this issue resolved?