pcfens / sast-parser Goto Github PK

Hi,

First of all, I would like to thank you for your job! I think this is a missing piece in gitlab!

Gitlab just upgraded kubesec output report version to 15. I have seen in the code that there is an specific check that if version >= 15 the job fails.

I tried to manually change the version to 14 to bypass this verification and everything worked properly.

Is there any additional reason to keep this verification there? Would not make more sense to add this verification as a flag?

Thank you!

Would be great if one could have a flag/option to output Markdown or Plain Text example:

sast-parser --html gl-sast-report.json (default)
sast-parser --markdown gl-sast-report.json
sast-parser --text gl-sast-report.json

I would like to use this parser for a project, but the repo doesn't have any license associated with it.

I tried using this against a gl-sast-report.json file from the latest Gitlab v14.8.2 and it was unable to parse it.
I've included the file for reference. It's getting tripped up on this line:
"version": "14.0.4",
gl-sast-report.json.txt

can you give an example usage?

docker run --rm -v $(pwd)/gl-sast-report.json:/gl-sast-report.json pcfens/sast-parser /gl-sast-report.json
docker: Error response from daemon: failed to create shim task: OCI runtime create failed: runc create failed: unable to start container process: exec: "/gl-sast-report.json": permission denied: unknown.

maybe CMD in dockerfile should be replaced in ENTRYPOINT

also looks the image on dockerhub is not updated as is from 2 years ago