GitLab Documentation

CodeSonar can be used in a GitLab CI/CD pipeline to perform static analysis of project source code. GitLab provides this capability through its Static Application Security Testing (SAST) feature. GitLab can display the results of static analysis associated with your pipeline jobs. This feature is made possible by providing GitLab with a specially formatted SAST report artifact after a static analysis pipeline job completes.

The CodeSonar GitLab Integration package provides a utility for representing CodeSonar analysis results in GitLab's SAST report format. The package also provides templates for setting up your CI/CD pipelines to use CodeSonar, which are intended to make it easier for you to get started.

A typical way to use a GitLab CI/CD pipeline is to arrange for it to be executed whenever new Git commits are submitted to a Merge Request. When you add CodeSonar static analysis to your merge request pipeline, GitLab will display the new analysis warnings that are introduced by your merge request on the merge request page. The full set of warnings is always available on the pipeline page.
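As an added illustration (not code from the CodeSonar GitLab Integration package), the following builds a GitLab SAST report from constructed warning records and diffs a base-branch report against a merge-request report to show the idea behind the "new warnings" view. The input record layout, the severity scale, the `codesonar` scanner id and the UUID namespace are all assumptions for the example; the report uses a minimal subset of GitLab's security report schema and should be validated against the schema for your GitLab version.

```python
# Added illustration, not part of the CodeSonar GitLab Integration package.
import uuid

# Constructed sample records (not CodeSonar's actual export format).
WARNINGS_BASE = [
    {"check": "Buffer Overrun", "file": "src/parse.c", "line": 42,
     "procedure": "parse_header", "score": 85, "text": "write past end of 'buf'"},
]
WARNINGS_HEAD = WARNINGS_BASE + [
    {"check": "Null Pointer Dereference", "file": "src/net.c", "line": 117,
     "procedure": "recv_frame", "score": 60, "text": "'conn' may be NULL"},
]
SCANNER = {"id": "codesonar", "name": "CodeSonar"}  # assumed identifiers
NS = uuid.UUID("00000000-0000-0000-0000-00000000c0de")  # arbitrary namespace

def to_gitlab_severity(score: int) -> str:
    """Map a constructed 0-100 score onto GitLab's severity vocabulary."""
    for floor, level in ((90, "Critical"), (70, "High"), (40, "Medium"), (1, "Low")):
        if score >= floor:
            return level
    return "Info"

def fingerprint(w: dict) -> str:
    """Stable key: check + file + procedure. Line numbers are excluded so that
    edits above a finding do not make an old warning reappear as new."""
    return f"{w['check']}|{w['file']}|{w['procedure']}"

def to_vulnerability(w: dict) -> dict:
    """One 'vulnerabilities' entry; minimal subset of the GitLab SAST schema."""
    return {
        "id": str(uuid.uuid5(NS, fingerprint(w))),  # deterministic across runs
        "category": "sast", "name": w["check"],
        "description": f"{w['text']} (in {w['procedure']})",
        "severity": to_gitlab_severity(w["score"]), "scanner": SCANNER,
        "location": {"file": w["file"], "start_line": w["line"], "end_line": w["line"]},
        "identifiers": [{"type": "codesonar_check", "name": w["check"], "value": w["check"]}],
    }

def build_report(warnings: list, start: str, end: str) -> dict:
    """Top-level report object; validate against GitLab's schema for your version."""
    tool = {**SCANNER, "version": "0.0-example", "vendor": {"name": "example"}}
    return {"version": "15.0.0",
            "scan": {"analyzer": tool, "scanner": tool, "type": "sast",
                     "start_time": start, "end_time": end, "status": "success"},
            "vulnerabilities": [to_vulnerability(w) for w in warnings]}

def new_findings(base: dict, head: dict) -> list:
    """Findings in head but not in base: the idea behind the MR 'new warnings' view."""
    seen = {v["id"] for v in base["vulnerabilities"]}
    return [v for v in head["vulnerabilities"] if v["id"] not in seen]
```

GitLab performs its own matching between pipeline reports, so the diff here only shows why a stable per-finding id matters: a warning whose line number shifts but whose fingerprint is unchanged is not reported as new.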

To continue reading the documentation, please use the following link.

To download the latest integration kit, please use this link, which will require you to log in to the support portal.
