Remove path from semgrep command to output relative paths

vrk-kpa · Sep 30, 2024 · 754c5e7 · 754c5e7
1 parent 30c9fd0
commit 754c5e7
Show file tree

Hide file tree

Showing 3 changed files with 4 additions and 2 deletions.
diff --git a/.github/workflows/scan.yml b/.github/workflows/scan.yml
@@ -48,7 +48,7 @@ jobs:
 
       - name: Run sast scanner
         run: |
-          docker run --rm -v "${{ github.workspace }}:${{ github.workspace }}" -e LEVEL=HIGH -e TARGET=app -e FORMAT=sarif -e SRCDIR=${{ github.workspace }} -e OUTDIR=${{ github.workspace }}  $REPOSITORY/sast-scanner-meta:latest
+          docker run --rm -v "${{ github.workspace }}:/src" -e LEVEL=HIGH -e TARGET=APP -e FORMAT=sarif $REPOSITORY/sast-scanner-meta:latest
         env:
           REPOSITORY: ${{ secrets.TOOLS_REPOSITORY }}
 

diff --git a/docker/sast-scanner-meta/Dockerfile b/docker/sast-scanner-meta/Dockerfile
@@ -3,4 +3,6 @@ FROM 373155601093.dkr.ecr.eu-west-1.amazonaws.com/dvv/sast-scanner-meta:v1.0.0
 COPY ./entrypoint.sh /app/
 RUN ["chmod", "+x", "/app/entrypoint.sh"]
 
+WORKDIR /src
+
 ENTRYPOINT ["sh", "-c", "/app/entrypoint.sh ${LEVEL} ${TARGET} ${SRCDIR} ${IACDIR} ${OUTDIR} ${FORMAT} ${EXCLUDE_RULES}"]
diff --git a/docker/sast-scanner-meta/entrypoint.sh b/docker/sast-scanner-meta/entrypoint.sh
@@ -111,7 +111,7 @@ run_semgrep() {
     echo "[*] JUNIT-XML format will be used."
     OUTPUT_ARGS="--junit-xml --output $OUTDIR/semgrep-$1-report.xml"
   fi
-  semgrep scan $3 --metrics=off $EXCLUDES $RULE_EXCLUSIONS $OUTPUT_ARGS $SEMGREP_SEVERITY --no-error $2 $ARGS
+  semgrep scan $3 --metrics=off $EXCLUDES $RULE_EXCLUSIONS $OUTPUT_ARGS $SEMGREP_SEVERITY --no-error $ARGS
 }
 
 if [ $2 = "APP" ]