Integrating dotTEST with GitLab allows you to review the results reported by dotTEST in GitLab.
To integrate with GitLab, modify your GitLab workflow to include a job that will:
- run dotTEST.
- upload the results in the GitLab-specific SAST format.
- upload the reports in other formats (XML, HTML, etc.).
To ensure that the results are displayed, you must properly configure analysis with dotTEST. In particular, you must be sure to configure:
- the SAST report format.
- the dotTEST setting that includes source control information in the report (report.scontrol=min or report.scontrol=full).
- your SCM-specific settings, including the custom name of the tested branch (see Source Control Settings).
When the workflow executes, you can review the results in the Security tab of the GitLab pipeline and on GitLab's Vulnerability Report.
You can find more details and example workflow configuration at https://gitlab.com/parasoft/dottest-gitlab.
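
The following pre-flight check is an added example, not part of the Parasoft documentation or the dottest-gitlab project. It fails a CI job early when the settings file passed to dotTEST does not set report.scontrol to min or full. It assumes the settings file uses key=value lines with # or ! comments and that the last assignment of a key wins; the function names and the file path argument are hypothetical.

```shell
#!/bin/sh
# Pre-flight gate for a CI job: stop before analysis when the dotTEST
# settings file would produce a report without source control information.
# Usage (path is an assumption): sh check_scontrol.sh path/to/settings.properties

# Print the effective value of a key in a key=value settings file.
# Comment lines (# or !) are skipped, so a commented-out setting does not
# count. The last assignment wins (assumed, as in Java properties files).
effective_setting() {
    key=$1
    file=$2
    awk -v key="$key" '
        /^[ \t]*[#!]/ { next }
        {
            line = $0
            sub(/\r$/, "", line)            # tolerate Windows line endings
            eq = index(line, "=")
            if (eq == 0) next
            k = substr(line, 1, eq - 1)
            v = substr(line, eq + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", k)  # trim whitespace around the key
            gsub(/^[ \t]+|[ \t]+$/, "", v)  # and around the value
            if (k == key) val = v
        }
        END { print val }
    ' "$file"
}

# Return 0 only when report.scontrol is min or full, the two values the
# page lists. A missing, empty or different value returns 1.
check_scontrol() {
    value=$(effective_setting report.scontrol "$1")
    case "$value" in
        min|full) return 0 ;;
        *) echo "report.scontrol is '${value}', expected min or full" >&2
           return 1 ;;
    esac
}

# When called with a settings file, the exit status of the script is the
# result of the check, so the CI job fails before dotTEST runs.
if [ "$#" -gt 0 ]; then
    check_scontrol "$1"
fi
```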