From d1ba05883cc819e43a9fff181aeb44335d46e978 Mon Sep 17 00:00:00 2001
From: Evan Fetsko <evan.fetsko@mongodb.com>
Date: Tue, 9 Sep 2025 10:25:35 -0400
Subject: [PATCH] SERVER-110489: use github_commit expansion and cd into
 10gen/mongo to get commit datetime (#41056)

GitOrigin-RevId: d433b42be0531d12228e5705ffe6a4483b14c979
---
 .github/CODEOWNERS                                   | 2 ++
 etc/evergreen_yml_components/tasks/release_tasks.yml | 1 +
 evergreen/OWNERS.yml                                 | 6 ++++++
 evergreen/generate_sast_report.sh                    | 8 ++++++--
 4 files changed, 15 insertions(+), 2 deletions(-)

diff --git a/.github/CODEOWNERS b/.github/CODEOWNERS
index 417031499fa..fd17614134a 100644
--- a/.github/CODEOWNERS
+++ b/.github/CODEOWNERS
@@ -347,6 +347,8 @@ WORKSPACE.bazel @10gen/devprod-build @svc-auto-approve-bot
 /evergreen/packager_crypt_py_run.sh @10gen/devprod-build @svc-auto-approve-bot
 /evergreen/perf-submission.sh @10gen/devprod-performance-analysis @svc-auto-approve-bot
 /evergreen/streams* @10gen/streams-engine @svc-auto-approve-bot
+/evergreen/generate_sast_report.sh @10gen/devprod-release-infrastructure @svc-auto-approve-bot
+/evergreen/write_sast_report_env_file.sh @10gen/devprod-release-infrastructure @svc-auto-approve-bot
 
 # The following patterns are parsed from ./jstests/OWNERS.yml
 /jstests/README.md @10gen/devprod-correctness @svc-auto-approve-bot
diff --git a/etc/evergreen_yml_components/tasks/release_tasks.yml b/etc/evergreen_yml_components/tasks/release_tasks.yml
index dd9f4de5182..5a8b08b4dcd 100644
--- a/etc/evergreen_yml_components/tasks/release_tasks.yml
+++ b/etc/evergreen_yml_components/tasks/release_tasks.yml
@@ -33,6 +33,7 @@ tasks:
           env:
             WORK_DIR: ${workdir}
             MODULE_PATH: ${workdir}/devprodCoveritySrc/devprod_coverity
+            GITHUB_COMMIT: ${github_commit}
             TRIGGERED_BY_GIT_TAG: ${triggered_by_git_tag}
             MONGODB_VERSION: ${version}
             MONGODB_RELEASE_BRANCH: ${branch_name}
diff --git a/evergreen/OWNERS.yml b/evergreen/OWNERS.yml
index 2809b919f18..548f0ee5fc6 100644
--- a/evergreen/OWNERS.yml
+++ b/evergreen/OWNERS.yml
@@ -42,3 +42,9 @@ filters:
   - "streams*":
     approvers:
       - 10gen/streams-engine
+  - "generate_sast_report.sh":
+    approvers:
+      - 10gen/devprod-release-infrastructure
+  - "write_sast_report_env_file.sh":
+    approvers:
+      - 10gen/devprod-release-infrastructure
diff --git a/evergreen/generate_sast_report.sh b/evergreen/generate_sast_report.sh
index cc282ac7d30..8d6257086d0 100755
--- a/evergreen/generate_sast_report.sh
+++ b/evergreen/generate_sast_report.sh
@@ -1,10 +1,14 @@
 #!/bin/env bash
 set -eux
 
+# get the datetime for the current commit SHA
+cd ${WORK_DIR}/src
+commit_datetime=$(git show -s --format=%cd --date=iso-strict ${GITHUB_COMMIT})
+echo "Date and time of commit: $commit_datetime"
+
+# generate the SAST report
 cd ${MODULE_PATH}/scripts
 echo "Running SAST report generation script..."
-commit_datetime=$(git log -1 --format=%cd --date=iso-strict)
-echo "Date and time of commit: $commit_datetime"
 virtualenv -p python3.12 .venv
 source .venv/bin/activate
 pip install -r sast_reporting/requirements.txt