Could you please help me with what could be the issue with the gitlab-ci.yml file here? I have this code:
variables:
SECURE_ANALYZERS_PREFIX: "$CI_TEMPLATE_REGISTRY_HOST/security-products"
SAST_IMAGE_SUFFIX: ''
SAST_EXCLUDED_ANALYZERS: ''
SAST_EXCLUDED_PATHS: spec, test, tests, tmp
SCAN_KUBERNETES_MANIFESTS: 'false'
stages:
- test
- process-js
- process-php
phpcs-security-audit-sast:
image: registry.gitlab.com/security-products/sast/phpcs-security-audit:2
stage: test
artifacts:
paths:
- gl-sast-report.json
rules:
- if: "$SAST_DISABLED == 'true' || $SAST_DISABLED == '1'"
when: never
- if: "$SAST_EXCLUDED_ANALYZERS =~ /phpcs-security-audit/"
when: never
- if: "$CI_COMMIT_BRANCH"
exists:
- "**/*.php"
variables:
SEARCH_MAX_DEPTH: 4
SAST_ANALYZER_IMAGE_TAG: 4
SAST_ANALYZER_IMAGE: "$SECURE_ANALYZERS_PREFIX/phpcs-security-audit:$SAST_ANALYZER_IMAGE_TAG"
script:
- /analyzer run
nodejs-scan-sast:
stage: test
artifacts:
reports:
sast:
- gl-sast-report.json
rules:
- if: "$SAST_DISABLED == 'true' || $SAST_DISABLED == '1'"
when: never
- if: "$SAST_EXCLUDED_ANALYZERS =~ /nodejs-scan/"
when: never
- if: "$CI_COMMIT_BRANCH"
exists:
- "**/package.json"
variables:
SEARCH_MAX_DEPTH: 4
SAST_ANALYZER_IMAGE_TAG: 4
SAST_ANALYZER_IMAGE: "$SECURE_ANALYZERS_PREFIX/nodejs-scan:$SAST_ANALYZER_IMAGE_TAG"
script:
- "/analyzer run"
zpracovani-json-phpcs:
image: cylab/php74
stage: process-php
needs:
- job: phpcs-security-audit-sast
script:
- php sast-vuln-checker.php gl-sast-report.json $CI_PROJECT_NAME
zpracovani-json-nodejs:
image: cylab/php74
stage: process-php
needs:
- job: nodejs-scan-sast
script:
- php sast-vuln-checker.php gl-sast-report.json $CI_PROJECT_NAME
But it still fails with the error:
Unable to create pipeline 'zpracovani-json-nodejs' job needs 'nodejs-scan-sast' job, but 'nodejs-scan-sast' is not in any previous stage
I would need to perform SAST scanning for PHP and JS within the CI/CD.