jeremylong / DependencyCheck

OWASP dependency-check is a software composition analysis utility that detects publicly disclosed vulnerabilities in application dependencies.
https://owasp.org/www-project-dependency-check/
Apache License 2.0

owasp/dependency-check:latest file & report #6687

Open Danielhay016 opened 1 month ago

Danielhay016 commented 1 month ago

Hi, I'm trying to scan my GitLab project using owasp/dependency-check:latest (open source) without success. The JSON file I'm trying to get was not created, and in the test phase the following output is received:

Uploading artifacts...
WARNING: dependency-check-report.json: no matching files. Ensure that the artifact path is relative to the working directory (/builds/root/webgoat-scanning)
ERROR: No files to upload
Job succeeded

but all I get in the artifacts is the log file.

Therefore, the file I am trying to send to DefectDojo was not found and was not sent.

I would appreciate help with this. I am attaching the pipeline I created.

PIPELINE

image: alpine:latest

stages:

build-job:
  stage: build
  script:

dependency-check:
  stage: test
  image:
    name: owasp/dependency-check:latest
  script:

deploy-job:
  stage: deploy
  environment: production
  script:

upload_to_defectdojo:
  stage: report
  script:

aikebah commented 1 month ago

Best to look into https://docs.gitlab.com/ee/ci/docker/using_docker_images.html and digest its documentation.

The docker image is not an image 'designed for gitlab ci pipelines', but for usage with a standalone docker run invocation as documented on https://github.com/jeremylong/DependencyCheck?tab=readme-ov-file#docker.

While it should be possible to configure it properly within a GitLab CI pipeline, I don't expect it to run out-of-the-box without GitLab-specific tweaks.
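The GitLab-specific tweak referred to above is the image entrypoint: the GitLab Docker executor runs a job's `script` through the image's entrypoint, and the owasp/dependency-check image's entrypoint is the dependency-check CLI itself, so the job's shell commands never execute as a shell script and no report is written. The following is an added example of a `.gitlab-ci.yml` that clears the entrypoint, calls the CLI explicitly, writes the report into `$CI_PROJECT_DIR` (where the artifact path in the warning is resolved), and hands it to the upload job. It is not code from this thread or from the dependency-check project. It assumes the CLI lives at `/usr/share/dependency-check/bin/dependency-check.sh` inside the image, that a CI/CD variable `NVD_API_KEY` holds an NVD API key, and that `DD_URL`, `DD_API_KEY` and `DD_ENGAGEMENT_ID` are hypothetical variables for the DefectDojo upload. Only the scan and upload jobs are shown; the build and deploy jobs from the original pipeline are omitted.

```yaml
# Added example, not the project's own CI config and not from the issue thread.
# Assumptions: the image's CLI is /usr/share/dependency-check/bin/dependency-check.sh,
# NVD_API_KEY is set as a CI/CD variable, and DD_URL / DD_API_KEY / DD_ENGAGEMENT_ID
# are hypothetical variables for the DefectDojo upload.
stages:
  - test
  - report

dependency-check:
  stage: test
  image:
    name: owasp/dependency-check:latest
    # Empty entrypoint: without this the runner passes the job script to the
    # dependency-check CLI as arguments instead of running it as a shell script.
    entrypoint: [""]
  variables:
    # Keep the NVD data under the project dir so GitLab's cache persists it between runs.
    DC_DATA_DIR: "$CI_PROJECT_DIR/.dependency-check-data"
  cache:
    key: dependency-check-nvd
    paths:
      - .dependency-check-data/
  script:
    - mkdir -p "$DC_DATA_DIR"
    # --format ALL writes dependency-check-report.{json,xml,html,csv,sarif} into --out.
    # JSON is what the original pipeline's artifact path expects; XML is the format
    # DefectDojo's Dependency Check importer consumes.
    - >
      /usr/share/dependency-check/bin/dependency-check.sh
      --scan "$CI_PROJECT_DIR"
      --project "$CI_PROJECT_NAME"
      --format ALL
      --out "$CI_PROJECT_DIR"
      --data "$DC_DATA_DIR"
      --nvdApiKey "$NVD_API_KEY"
      --failOnCVSS 7
  artifacts:
    # when: always keeps the reports even if --failOnCVSS fails the job,
    # so the upload job can still consume them.
    when: always
    paths:
      - dependency-check-report.json
      - dependency-check-report.xml
    expire_in: 1 week

upload_to_defectdojo:
  stage: report
  image: curlimages/curl:latest
  needs:
    - job: dependency-check
      artifacts: true
  # Run even when the scan job failed on CVSS, so findings still reach DefectDojo.
  when: always
  script:
    # Fail loudly here rather than silently uploading nothing.
    - test -f dependency-check-report.xml
    - >
      curl --fail --silent --show-error
      -H "Authorization: Token $DD_API_KEY"
      -F "scan_type=Dependency Check Scan"
      -F "engagement=$DD_ENGAGEMENT_ID"
      -F "file=@dependency-check-report.xml"
      "$DD_URL/api/v2/import-scan/"
```

The `test -f` guard turns the "No files to upload" symptom into a hard failure at the point where it matters, and `when: always` on the artifacts and the upload job keeps the report flowing to DefectDojo even on a `--failOnCVSS` failure, which is usually the run you most want to see.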

anhthupham16 commented 1 month ago

Have you solved the problem yet?