semgrep-sast
This job is archived. Only the complete pipeline can be retried.
1Running with gitlab-runner 17.4.0~pre.110.g27400594 (27400594)2 on blue-2.private.runners-manager.gitlab.com/staging.gitlab.com zzTg-Kmy, system ID: s_49b872f8ccf63Resolving secrets5Using Docker executor with image registry.gitlab.com/security-products/semgrep:5 ...6Pulling docker image registry.gitlab.com/security-products/semgrep:5 ...7Using docker image sha256:573f153966783446809c5995e57615a8ccbdcd4cc605d07275b6aa491472eb45 for registry.gitlab.com/security-products/semgrep:5 with digest registry.gitlab.com/security-products/semgrep@sha256:684e80bc23c6878f220895ffb55b821c0d4f9649b8dac45fe561daa8d372ff00 ...9Running on runner-zztg-kmy-project-7091227-concurrent-0 via runner-zztg-kmy-private-1727192721-a73aa77f...11Fetching changes with git depth set to 20...12Initialized empty Git repository in /builds/gitlab-com/gl-infra/common-ci-tasks/.git/13Created fresh repository.14Checking out 870b3ee6 as detached HEAD (ref is mattmi/add-chef-template)...15Skipping Git submodules setup16$ git remote set-url origin "${CI_REPOSITORY_URL}"18Using docker image sha256:573f153966783446809c5995e57615a8ccbdcd4cc605d07275b6aa491472eb45 for registry.gitlab.com/security-products/semgrep:5 with digest registry.gitlab.com/security-products/semgrep@sha256:684e80bc23c6878f220895ffb55b821c0d4f9649b8dac45fe561daa8d372ff00 ...19$ /analyzer run20[INFO] [Semgrep] [2024-09-24T15:46:18Z] ▶ GitLab Semgrep analyzer v5.15.021[INFO] [Semgrep] [2024-09-24T15:46:18Z] ▶ Detecting project22[INFO] [Semgrep] [2024-09-24T15:46:18Z] ▶ Analyzer will attempt to analyze all projects in the repository23[INFO] [Semgrep] [2024-09-24T15:46:18Z] ▶ Loading ruleset for /builds/gitlab-com/gl-infra/common-ci-tasks24[WARN] [Semgrep] [2024-09-24T15:46:18Z] ▶ /builds/gitlab-com/gl-infra/common-ci-tasks/.gitlab/sast-ruleset.toml not found, ruleset customization will be disabled.25[INFO] [Semgrep] [2024-09-24T15:46:18Z] ▶ Running analyzer26[INFO] [Semgrep] [2024-09-24T15:46:18Z] ▶ 19 active rule files detected with 590 active rules27[INFO] [Semgrep] [2024-09-24T15:46:18Z] ▶ * rule file '/rules/bandit.yml': 'eb05c3eedb03dc71ee30851f488bbde16a6ce968d593ef8761304ac753a0a174'28[INFO] [Semgrep] [2024-09-24T15:46:18Z] ▶ * rule file '/rules/eslint.yml': '6f56a19be4aaf8ef188a349df8b723f65cb84d836624860407ebc2a49704106e'29[INFO] [Semgrep] [2024-09-24T15:46:18Z] ▶ * rule file '/rules/find_sec_bugs.yml': '59014b1ea7f0f5a779267f5a9b25f31a4268fded25acf07a8fff8fcc8dd7f2b5'30[INFO] [Semgrep] [2024-09-24T15:46:18Z] ▶ * rule file '/rules/find_sec_bugs_scala.yml': '21d17f120429057b30c2ff0d450b2699f3c1209c93d807968032549c532eeebf'31[INFO] [Semgrep] [2024-09-24T15:46:18Z] ▶ * rule file '/rules/flawfinder.yml': 'd2f2b3b8de3df70e0659bd579a361f9537de1573c6b45ca972944964e4c1c52e'32[INFO] [Semgrep] [2024-09-24T15:46:18Z] ▶ * rule file '/rules/gitlab/gitlab_ee_java.yml': '48d6f2d8bcbd6eecfc498de7de2e3a64c0ec9762d07f99bfd90fb30c9c1ea83f'33[INFO] [Semgrep] [2024-09-24T15:46:18Z] ▶ * rule file '/rules/gitlab/gitlab_ee_javascript.yml': '373f01b1bbd751bdfb584d2d201bec876cf1877f8fb17b625659c058c3d6c45e'34[INFO] [Semgrep] [2024-09-24T15:46:18Z] ▶ * rule file '/rules/gitlab_ce_python.yml': '3858706bc49608dc0c1bf8ad7cbc5434125c43d738508edb6f8d4cb2532305a0'35[INFO] [Semgrep] [2024-09-24T15:46:18Z] ▶ * rule file '/rules/gitlab_ce_scala.yml': 'f809bb49f0948decd7246cc1b28e070edc35d5f1be84567774578472bdf7244b'36[INFO] [Semgrep] [2024-09-24T15:46:18Z] ▶ * rule file '/rules/gosec.yml': '8efe509470af4ef7f84c3b10438172d97b71e526ffe4140e01ccc609ee963c3b'37[INFO] [Semgrep] [2024-09-24T15:46:18Z] ▶ * rule file '/rules/lgpl-cc/brakeman.yml': 'f84af1052ba36516270a098f829636af38ccad9df482b7ca12421af9c68bfb46'38[INFO] [Semgrep] [2024-09-24T15:46:18Z] ▶ * rule file '/rules/lgpl-cc/gitlab_lgpl_cc_java.yml': 'c2894f583e8cffaec920a29e628120409d5923f26e21a252cee9c797657809e8'39[INFO] [Semgrep] [2024-09-24T15:46:18Z] ▶ * rule file '/rules/lgpl-cc/gitlab_lgpl_cc_javascript.yml': 'c33b64087eb1c366b5b216242ada36ef9d85780dffea0124c6049f75fd316d6f'40[INFO] [Semgrep] [2024-09-24T15:46:18Z] ▶ * rule file '/rules/lgpl-cc/gitlab_lgpl_cc_python.yml': '08d5acf7a3ccd2f78226f7a99d38be853708f752a5c434afd83b3fd80ca165a9'41[INFO] [Semgrep] [2024-09-24T15:46:18Z] ▶ * rule file '/rules/lgpl-cc/phpcs_security_audit.yml': '4d337d17d8ca30b831913fbb6e893c1644bcc8a842211c64b64baf3fafa93aff'42[INFO] [Semgrep] [2024-09-24T15:46:18Z] ▶ * rule file '/rules/lgpl/find_sec_bugs_kotlin.yml': '09e6ccedeb5123bb49a86e4823ef95c3113284ef1e654a69ea8e22d43434dfe7'43[INFO] [Semgrep] [2024-09-24T15:46:18Z] ▶ * rule file '/rules/lgpl/mobsf.yml': '205e7a812b2f88790507a5c6bc451ac9126310cb9cb064baf7c912eca750e833'44[INFO] [Semgrep] [2024-09-24T15:46:18Z] ▶ * rule file '/rules/lgpl/nodejs_scan.yml': '90af38d1761b1ec4330986f741ef518c6164af6253fc7fb1ab32fb81e19a4d8b'45[INFO] [Semgrep] [2024-09-24T15:46:18Z] ▶ * rule file '/rules/security_code_scan.yml': '12c8605979e415e86d35e61a77d1eb89906fb1780a4ee74261c301a13f5aaf04'46[INFO] [Semgrep] [2024-09-24T15:46:18Z] ▶ Combined rule checksum: 'b2194f729fb005a385a626ad80a75fe68b46f3bd5cb4c2b101eef80d51455c30'47[INFO] [Semgrep] [2024-09-24T15:46:18Z] ▶ Using the GitLab SAST default ruleset48[INFO] [Semgrep] [2024-09-24T15:46:30Z] ▶ Creating report49[INFO] [2024-09-24T15:46:30Z] ▶ /builds/gitlab-com/gl-infra/common-ci-tasks/gl-report-post.json written51Uploading artifacts...52gl-sast-report.json: found 1 matching artifact files and directories 53WARNING: Upload request redirected location=https://staging.gitlab.com/api/v4/jobs/138412800/artifacts?artifact_format=raw&artifact_type=sast new-url=https://staging.gitlab.com54WARNING: Retrying... context=artifacts-uploader error=request redirected55Uploading artifacts as "sast" to coordinator... 201 Created id=138412800 responseStatus=201 Created token=glcbt-6657Job succeeded