I am trying to integrate Gitlab SAST into my pipeline and facing the following error for SemGrep analyzer during generation of the report.
The error:
[DEBU] [Semgrep] [2022-10-11T10:02:55Z] [/go/src/buildapp/analyze.go:137] METRICS: Using configs from the Registry (like --config=p/ci) reports pseudonymous rule metrics to semgrep.dev.
To disable Registry rule metrics, use "--metrics=off".
Using configs only from local files (like --config=xyz.yml) does not enable metrics.
More information: https://semgrep.dev/docs/metrics
Scanning across multiple languages:
java | 86 rules × 37 files
js | 13 rules × 1 file
[INFO] [Semgrep] [2022-10-11T10:02:55Z] [/go/pkg/mod/gitlab.com/gitlab-org/security-products/analyzers/[email protected]/run.go:179] Creating report
[DEBU] [Semgrep] [2022-10-11T10:02:55Z] [/go/src/buildapp/convert.go:25] Converting report with the root path: /path/to/my/repo
[FATA] [Semgrep] [2022-10-11T10:02:55Z] [/go/src/buildapp/main.go:27] tool notification error: SemgrepError Error while running rules: 0 bytes read on a total of 2 expected bytes
Any ideas where to look?
The change Gitlab runner to bigger one (cpu, ram) helped.