From 25dabbb71517e1611ef021cf51894c418771f703 Mon Sep 17 00:00:00 2001
From: jung bong
Date: Tue, 12 Mar 2024 12:03:59 +0000
Subject: [PATCH] Update sonarqube-check.gitlab-ci.yml
---
 .gitlab/ci/sonarqube-check.gitlab-ci.yml | 29 ++++++++++++++++++++----
 1 file changed, 25 insertions(+), 4 deletions(-)
diff --git a/.gitlab/ci/sonarqube-check.gitlab-ci.yml b/.gitlab/ci/sonarqube-check.gitlab-ci.yml
index 443839d..b0c2e60 100644
--- a/.gitlab/ci/sonarqube-check.gitlab-ci.yml
+++ b/.gitlab/ci/sonarqube-check.gitlab-ci.yml
@@ -1,16 +1,20 @@
+stages:
+ - sonarqube-check
+ - sonarqube-vulnerability-report
+
 sonarqube-check:
 stage: sonarqube-check
- image:
+ image:
 name: sonarsource/sonar-scanner-cli:5.0
 entrypoint: [""]
 variables:
- SONAR_USER_HOME: "${CI_PROJECT_DIR}/.sonar" # Defines the location of the analysis task cache
- GIT_DEPTH: "0" # Tells git to fetch all the branches of the project, required by the analysis task
+ SONAR_USER_HOME: "${CI_PROJECT_DIR}/.sonar" # Defines the location of the analysis task cache
+ GIT_DEPTH: "0" # Tells git to fetch all the branches of the project, required by the analysis task
 cache:
 key: "${CI_JOB_NAME}"
 paths:
 - .sonar/cache
- script:
+ script:
 - sonar-scanner
 allow_failure: true
 only:
@@ -18,3 +22,20 @@ sonarqube-check:
 - master
 - main
 - develop
+
+sonarqube-vulnerability-report:
+ stage: sonarqube-vulnerability-report
+ script:
+ - 'curl -u "${SONAR_TOKEN}:" "${SONAR_HOST_URL}/api/issues/gitlab_sast_export?projectKey=pieroot_pso_AY4yioUduAwlZ9Y7RLBU&branch=${CI_COMMIT_BRANCH}&pullRequest=${CI_MERGE_REQUEST_IID}" -o gl-sast-sonar-report.json'
+ allow_failure: true
+ only:
+ - merge_requests
+ - master
+ - main
+ - develop
+ artifacts:
+ expire_in: 1 day
+ reports:
+ sast: gl-sast-sonar-report.json
+ dependencies:
+ - sonarqube-check
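Review bot: The `curl` call in the new `sonarqube-vulnerability-report` job has no `--fail`, so an HTTP error from SonarQube (rejected token, unknown project or branch) still exits 0 and writes the error body into `gl-sast-sonar-report.json`, which is then published as the `sast` report. Together with `allow_failure: true` this lets a broken export pass silently and the merge request simply shows no findings; I would start the command with `curl --fail --silent --show-error -u "${SONAR_TOKEN}:" …`. Both `branch=` and `pullRequest=` are always sent although, as far as I know, `CI_COMMIT_BRANCH` is not set in merge-request pipelines and `CI_MERGE_REQUEST_IID` is not set in branch pipelines, so one of them is always empty; it is worth confirming the endpoint accepts that, or splitting the job with `rules:` so only the relevant parameter is passed. Because the job also runs for `merge_requests`, `SONAR_TOKEN` should be a masked CI/CD variable with the narrowest scope the export needs, and `SONAR_HOST_URL` should be an `https://` URL since the token travels as basic auth.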