Exakat Docker Container - SAST stage for Gitlab CI/CD Pipeline

Exakat is a static analysis engine a tool for analyzing, reporting and assessing PHP code source efficiently and systematically. Exakat processes PHP 5.6 to 7.4 code, as well as reporting on security, performance, code quality, migration. Common best practices and recommendations for specific plat-forms such as Laravel, Wordpress, CakePHP or Drupal Framework are covered. Check all supported Frameworks here.

We propose a Docker container to install and run Exakat 2.0.6 locally or as a part of a Static Application Security Testing (SAST) stage for Gitlab CI/CD Pipeline Integration. The resulted analysis reports can be retrieved as artefacts. See Gitlab CI/CD Pipeline Integration section.

Built With

• Exakat 2.0.6
• PHP 7.4 binary for exakat execution
• PHPBrew 1.26.0 PHP 7.3, 7.2, 7.1, 7.0, 5.6 (PHP with tokenizer and mbstring) for exakat analysis
• Gremlin Server 3.4.6
• Neo4j Gremlin 3.4.6
• Git, Mercurial, Composer

1) Run Local Code Analysis

1. Install the sfrod/exakat-ci container:

   $ docker pull sfrod/exakat-ci:latest

   Use Cases

2. Run Exakat PHP analysis and mounting an existing directory to fetch the reports:

   $ mkdir reports
   $ docker run -v <path/to/project/folder>:/src/ -v \ $(pwd)/reports:/report/ sfrod/exakat-ci:latest

3. Run Exakat PHP analysis and creating a volume called 'reports' to fetch the reports:

   $ docker run -v <path/to/project/folder>:/src/ -v reports:/report/ sfrod/exakat-ci:latest

4. Run Exakat PHP analysis based on a framework. Check all supported Frameworks here. :

   $ docker run -v <path/to/project/folder>:/src/ -v $(pwd)/reports:/report/ sfrod/exakat-ci:latest Laravel

2) Gitlab CI/CD Pipeline Intergration

1. Add this stage in your .gitlab-ci.yml file. Or take a look at our template-gitlab-ci.yml file. Reports can be retrieved as artifacts at the end of the job. Analysis using Frameworks are in Text format named as Ext_'used Framework'_report.txt.

   stages:
      - sast
   
   sast:
       stage: sast
       image: docker:latest
       services: 
       - docker:18-dind
       variables:
       DOCKER_DRIVER: overlay2
       SHARED_PATH: /builds/$CI_PROJECT_PATH/shared
       script:
       - mkdir -p ${SHARED_PATH}
       - docker run -v $CI_PROJECT_DIR:/src -v ${SHARED_PATH}:/report sfrod/exakat-ci:latest Laravel
       artifacts:
       when: always
       paths:
           - /builds/$CI_PROJECT_PATH/shared/*

Disclamer

This is an unofficial build and my try to build an exakat container to integrate it as a Static Application Security Testing (SAST) stage at Gitlab CI/CD Pipeline workflow.