In my GitLab CI:
include:
  - template: Security/SAST.gitlab-ci.yml
  - template: DAST.gitlab-ci.yml
stages:
  - test
  - dast
sast:
  stage: test
  tags:
    - docker
The security code scan fails with an error:
[FATA] [security-code-scan] [2022-01-11T13:42:08Z] ▶ Unable to build project from solution file using `nuget and `msbuild`.
/builds/XXX/XX(SP)/XX.csproj(297,3): error MSB4019: The imported project "/usr/lib/mono/xbuild/Microsoft/VisualStudio/v16.0/SharePointTools/Microsoft.VisualStudio.SharePoint.targets" was not found. Confirm that the expression in the Import declaration "/usr/lib/mono/xbuild/Microsoft/VisualStudio/v16.0/SharePointTools/Microsoft.VisualStudio.SharePoint.targets" is correct, and that the file exists on disk.
At the end of the csproj file there is a standard (SharePoint project related) line:
<Import Project="$(VSToolsPath)\SharePointTools\Microsoft.VisualStudio.SharePoint.targets" Condition="'$(VSToolsPath)' != ''" />
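When I comment out this line, the security code scan passes successfully, but the publish and deploy (from VS to the SharePoint server) functionality stops working.
How can I pass the security code scan without commenting out the line?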