gitlab_security_report_converter 1.0.1

Parses build output files from Security Code Scan and dotnet-retire and converts them to the GitLab security report JSON format.

dotnet tool install --global gitlab_security_report_converter --version 1.0.1
This package contains a .NET Core Global Tool you can call from the shell/command line.

GitLab Security Code converter

Convert Security reports to GitLab Report format

security-code-scan (SAST)

Use the following example to create the file:

dotnet tool install gitlab_security_report_converter --tool-path tools
for f in $(find . -type f -name '*.csproj') ; do dotnet add "$f" package SecurityCodeScan ; done
dotnet build --no-incremental /flp:v=q /flp:logfile=msbuild.out
./tools/gitlab_security_report_converter --converter=security_code_scan --input=msbuild.out --output=gl-sast-report.json

dotnet-retire (Dependency Scanning)

dotnet tool install dotnet-retire --tool-path tools
dotnet tool install gitlab_security_report_converter --tool-path tools
RESULTFILE=$PWD/dotnet-retire.out
export PATH="$PATH:$PWD/tools"
for f in $(find . -type f -name '*.csproj') ; do echo "$f" && pushd "$(dirname "$f")" > /dev/null && echo "<<$f>>" >> "$RESULTFILE" && dotnet-retire >> "$RESULTFILE" && popd > /dev/null ; done
./tools/gitlab_security_report_converter --converter=dotnet-retire --input=dotnet-retire.out --output=gl-dependency-scanning-report.json
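
The two command sequences above, wired into a GitLab CI pipeline so the generated files are uploaded as SAST and dependency scanning reports. This is an added example, not part of the package's own documentation. The job names, the image placeholder, the `test -s` guards and the subshell used in place of pushd/popd are assumptions.

```yaml
# Added example (.gitlab-ci.yml); job names and the image value are assumptions.
stages:
  - test

.dotnet_scan:
  stage: test
  image: "REPLACE_WITH_DOTNET_SDK_IMAGE"  # placeholder: any image with the .NET Core SDK
  before_script:
    - dotnet tool install gitlab_security_report_converter --tool-path tools

security_code_scan:
  extends: .dotnet_scan
  script:
    # Read project paths line by line so paths containing spaces survive.
    - |
      find . -type f -name '*.csproj' | while IFS= read -r f; do
        dotnet add "$f" package SecurityCodeScan < /dev/null
      done
    - dotnet build --no-incremental /flp:v=q /flp:logfile=msbuild.out
    - ./tools/gitlab_security_report_converter --converter=security_code_scan --input=msbuild.out --output=gl-sast-report.json
    - test -s gl-sast-report.json  # fail the job if no report was written
  artifacts:
    reports:
      sast: gl-sast-report.json

dotnet_retire:
  extends: .dotnet_scan
  script:
    - dotnet tool install dotnet-retire --tool-path tools
    - export PATH="$PATH:$PWD/tools"
    - RESULTFILE="$PWD/dotnet-retire.out"
    # Same <<project path>> marker before each project's output as in the loop above.
    - |
      find . -type f -name '*.csproj' | while IFS= read -r f; do
        echo "<<$f>>" >> "$RESULTFILE"
        (cd "$(dirname "$f")" && dotnet-retire < /dev/null) >> "$RESULTFILE"
      done
    - ./tools/gitlab_security_report_converter --converter=dotnet-retire --input=dotnet-retire.out --output=gl-dependency-scanning-report.json
    - test -s gl-dependency-scanning-report.json  # fail the job if no report was written
  artifacts:
    reports:
      dependency_scanning: gl-dependency-scanning-report.json
```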

Dependencies

This package has no dependencies.

Version History

Version Downloads Last updated
1.0.1 254 6/26/2019
1.0.0 219 6/20/2019