I have installed sonarqube community build 10.7 on K8s. But after integrating gitlab with sonarqube along with sonarscanner on the cicd pipelines, I am unable to get the sast report.
Hey @ShinyDhas
GET api/issues/gitlab_sast_export is only available in Developer Edition and higher. It’s a mistake that it’s shown in the analysis tutorial for SonarQube Community Build, and I’ve flagged this for attention.
You should remove this from your build.
sonarqube-vulnerability-report:
stage: sonarqube-vulnerability-report
script:
- 'curl -u "${SONAR_TOKEN}:" "${SONAR_HOST_URL}/api/issues/gitlab_sast_export?projectKey=fa&branch=${CI_COMMIT_BRANCH}&pullRequest=${CI_MERGE_REQUEST_IID}" -o gl-sast-sonar-report.json'
allow_failure: true
rules:
- if: $CI_PIPELINE_SOURCE == 'merge_request_event'
- if: $CI_COMMIT_BRANCH == 'master'
- if: $CI_COMMIT_BRANCH == 'main'
- if: $CI_COMMIT_BRANCH == 'develop'
artifacts:
expire_in: 1 day
reports:
sast: gl-sast-sonar-report.json
Hello @ShinyDhas @Colin ,
Indeed that is correct, thank you for reporting this issue. I’ve created SONAR-23880 to fix it.
The ticket is already in progress and we will aim to include this fix in the next release.
1 Like