Receive Semgrep MR comments through a GitLab runner

Generally, Semgrep recommends using the GitLab merge request pipeline to receive MR comments. This method is used in the default Semgrep GitLab config file.

However, you can also receive comments through your own GitLab runner by setting the following variables in your CI job:

export GITLAB_CI='true'
export CI_PROJECT_PATH='USERNAME/PROJECTNAME'
export CI_MERGE_REQUEST_PROJECT_URL='https://gitlab.com/USERNAME/PROJECTNAME'
export CI_PROJECT_URL="$CI_MERGE_REQUEST_PROJECT_URL"
export CI_COMMIT_SHA='COMMIT-SHA-VALUE'
export CI_COMMIT_REF_NAME='REF'
export CI_MERGE_REQUEST_TARGET_BRANCH_NAME='BRANCH_NAME'
export CI_JOB_URL='JOB_URL'
export CI_PIPELINE_SOURCE='merge_request_event'
export CI_MERGE_REQUEST_IID='REQUEST_IID'
export CI_MERGE_REQUEST_DIFF_BASE_SHA='SHA'
export CI_MERGE_REQUEST_TITLE='MERGE_REQUEST_TITLE'

Replace the placeholders in the preceding code snippet (for example, USERNAME) with your specific values.

For more information on all of these variables, see the Predefined variables reference in the GitLab documentation.

Example with sample values:

export GITLAB_CI='true'
export CI_PROJECT_PATH="gitlab-org/gitlab-foss"
export CI_MERGE_REQUEST_PROJECT_URL="https://example.com/gitlab-org/gitlab-foss"
export CI_PROJECT_URL="$CI_MERGE_REQUEST_PROJECT_URL"
export CI_COMMIT_SHA="1ecfd275763eff1d6b4844ea3168962458c9f27a"
export CI_COMMIT_REF_NAME="main"
export CI_MERGE_REQUEST_TARGET_BRANCH_NAME="main"
export CI_JOB_URL="https://gitlab.com/gitlab-examples/ci-debug-trace/-/jobs/379424655"
export CI_PIPELINE_SOURCE='merge_request_event'
export CI_MERGE_REQUEST_IID="1"
export CI_MERGE_REQUEST_DIFF_BASE_SHA="1ecfd275763eff1d6b4844ea6874447h694gh23d"
export CI_MERGE_REQUEST_TITLE="Testing branches"
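
A missing or malformed variable means the comment is either not posted or is attached to the wrong project or merge request, so it is worth validating the set before the scan runs. The following preflight check is an added example, not part of Semgrep or this page's original code; the function name `check_semgrep_mr_env` and the shape rules (full 40- or 64-character hex SHAs, numeric IID) are assumptions.

```shell
#!/bin/sh
# Added example: preflight check for the CI variables listed on this page.
# check_semgrep_mr_env is a hypothetical helper, not part of Semgrep or GitLab.
# Prints one line per problem to stderr; exit status is non-zero if any is found.
# The body runs in a subshell "( ... )", so it never alters the caller's variables.
check_semgrep_mr_env() (
  rc=0
  fail() { echo "semgrep-mr-env: $1" >&2; rc=1; }

  # 1. Every variable from the page must be set and non-empty.
  for name in GITLAB_CI CI_PROJECT_PATH CI_MERGE_REQUEST_PROJECT_URL \
      CI_PROJECT_URL CI_COMMIT_SHA CI_COMMIT_REF_NAME \
      CI_MERGE_REQUEST_TARGET_BRANCH_NAME CI_JOB_URL CI_PIPELINE_SOURCE \
      CI_MERGE_REQUEST_IID CI_MERGE_REQUEST_DIFF_BASE_SHA \
      CI_MERGE_REQUEST_TITLE; do
    eval "val=\${$name:-}"   # safe: names come from the fixed list above
    [ -n "$val" ] || fail "$name is unset or empty"
  done

  # 2. Fixed values, exactly as the page gives them.
  [ "${GITLAB_CI:-}" = "true" ] || fail "GITLAB_CI must be 'true'"
  [ "${CI_PIPELINE_SOURCE:-}" = "merge_request_event" ] ||
    fail "CI_PIPELINE_SOURCE must be 'merge_request_event'"

  # 3. Assumption: SHAs are full object names (40 hex, or 64 for SHA-256 repos).
  for name in CI_COMMIT_SHA CI_MERGE_REQUEST_DIFF_BASE_SHA; do
    eval "val=\${$name:-}"
    case "$val" in
      *[!0-9a-fA-F]*) fail "$name contains non-hex characters" ;;
      *) [ "${#val}" -eq 40 ] || [ "${#val}" -eq 64 ] ||
           fail "$name is not a full 40- or 64-character SHA" ;;
    esac
  done

  # 4. Assumption: the merge request IID is a decimal number.
  case "${CI_MERGE_REQUEST_IID:-}" in
    ''|*[!0-9]*) fail "CI_MERGE_REQUEST_IID must be numeric" ;;
  esac

  # 5. The project URL must end in the project path and match CI_PROJECT_URL,
  #    as in the page's snippet, so comments target the intended project.
  case "${CI_MERGE_REQUEST_PROJECT_URL:-}" in
    */"${CI_PROJECT_PATH:-}") ;;
    *) fail "CI_MERGE_REQUEST_PROJECT_URL does not end in CI_PROJECT_PATH" ;;
  esac
  [ "${CI_PROJECT_URL:-}" = "${CI_MERGE_REQUEST_PROJECT_URL:-}" ] ||
    fail "CI_PROJECT_URL differs from CI_MERGE_REQUEST_PROJECT_URL"

  exit "$rc"
)
```

Call `check_semgrep_mr_env || exit 1` in the job after the `export` lines and before the scan step, so a misconfigured job fails visibly.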