ShiftLeftSecurity / sast-scan

Scan is a free & Open Source DevSecOps tool for performing static analysis based security testing of your applications and its dependencies. CI and Git friendly.
https://discord.gg/DCNxzaeUpd
Apache License 2.0

Fixed annotating gitlab merge request when using only depscan. #361

Closed adarshshetty18 closed 2 years ago

adarshshetty18 commented 2 years ago

Using depscan with other tools creates a comment on the merge request on GitLab. But using only the depscan module does not create the comment on the merge request on GitLab, as depscan has no finding file / SARIF files and hence it passes through the should_annotate function. I've tried to fix this issue, which is also mentioned in https://github.com/ShiftLeftSecurity/sast-scan/issues/357

prabhu commented 2 years ago

@adarshshetty1 Thank you for this PR! Did you get a chance to test this? Could you share any screenshot or public repo since I don't have time to test this personally?