Reputation: 554
I'm testing the SAST functionality provided automatically by GitLab.
My project (Java, Spring Boot, Maven) compiles well locally with mvn clean package.
I'm working with a hosted GitLab and shared runners.
CI wasn't implemented yet.
I chose the generated .gitlab-ci.yml file:
stages:
- test
sast:
  stage: test
include:
- template: Security/SAST.gitlab-ci.yml
And then, the job fails with a message like:
$ /analyzer run
[INFO] [Find Security Bugs] [2021-11-01T16:27:54Z] ▶ GitLab Find Security Bugs analyzer v2.28.7
[INFO] [Find Security Bugs] [2021-11-01T16:27:54Z] ▶ Detecting project
[INFO] [Find Security Bugs] [2021-11-01T16:27:54Z] ▶ Found project in /builds/myrepo/myproject
[INFO] [Find Security Bugs] [2021-11-01T16:27:54Z] ▶ Running analyzer
[INFO] [Find Security Bugs] [2021-11-01T16:27:54Z] ▶ Found Mvnw project in /builds/myrepo/myproject directory
[INFO] [Find Security Bugs] [2021-11-01T16:27:54Z] ▶ Found 1 analyzable projects.
[INFO] [Find Security Bugs] [2021-11-01T16:27:54Z] ▶ Building Mvnw project at /builds/myrepo/myproject.
[ERRO] [Find Security Bugs] [2021-11-01T16:29:08Z] ▶ Project couldn't be built: exit status 1
[FATA] [Find Security Bugs] [2021-11-01T16:29:08Z] ▶ exit status 1
How can I know what went wrong?
Upvotes: 0
Views: 1524
Reputation: 3230
The error is in the second to last line of the container:
[ERRO] [Find Security Bugs] [2021-11-01T16:29:08Z] ▶ Project couldn't be built: exit status 1
[FATA] [Find Security Bugs] [2021-11-01T16:29:08Z] ▶ exit status 1
Assuming that your Maven job is building fine locally, and it's building fine in a different Maven container, I'd suggest that you configure the logging on the SAST job using the logging levels defined in the documentation, and gather some additional information: https://docs.gitlab.com/ee/user/application_security/sast/#logging-level
Upvotes: 1
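The logging change suggested in the answer above, applied to the question's .gitlab-ci.yml. This is an added example, not part of the original answer; it assumes the `SECURE_LOG_LEVEL` CI/CD variable described on the linked GitLab documentation page, set globally so the analyzer jobs created by the SAST template inherit it.

```yaml
# .gitlab-ci.yml from the question, with analyzer logging raised to debug.
stages:
- test

variables:
  # Default is "info". "debug" makes the analyzer job log more detail,
  # which is what is needed to see why the build step exited with status 1.
  SECURE_LOG_LEVEL: "debug"

sast:
  stage: test

include:
- template: Security/SAST.gitlab-ci.yml
```

Once the failing build step has been identified from the job log, set the level back to its default to keep job logs short.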