GitLab Documentation

CodeSonar can be used in a GitLab CI/CD pipeline to perform static analysis of project source code. GitLab provides this capability through its Static Application Security Testing (SAST) feature. GitLab can display the results of static analysis associated with your pipeline jobs. This feature is made possible by providing GitLab with a specially formatted SAST report artifact after a static analysis pipeline job completes.

The CodeSonar GitLab Integration package provides a utility for representing CodeSonar analysis results in GitLab's SAST report format. The package also provides some templates for setting-up your CI/CD pipelines to use CodeSonar, which are intended to make it easier for you to get started.

A typical way to use a GitLab CI/CD pipeline is to arrange for it to be executed whenever new Git commits are submitted to a Merge Request. When you add CodeSonar static analysis to your merge request pipeline, GitLab will display the new analysis warnings that are introduced by your merge request on the merge request page. The full set of warnings is always available on the pipeline page.

To continue reading the documentation please use the following link.

To download the latest integration kit please use this link which will require you to login into the support portal.

Was this article helpful?
0 out of 1 found this helpful

Comments

0 comments

Article is closed for comments.

Articles in this section

GrammaTech Resource Library
Welcome to GrammaTech's resource library. Here you will find useful information about software development in the IoT era, where devices must not only function with impeccable quality and safety but also remain resilient to cyber attacks.
Shift Left Academy
Shift Left Academy is an educational resource to help implement a security first approach. Shift Left focuses on finding and preventing defects and security vulnerabilities early in the software development process
Blog
Posts by topic including static analysis, software assurance, and binary analysis