summaryrefslogtreecommitdiff
path: root/.gitlab-ci.yml
diff options
context:
space:
mode:
authorOlivier Gonzalez <ogonzalez@gitlab.com>2018-04-10 12:59:22 +0000
committerDmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>2018-04-10 12:59:22 +0000
commita3617fb8b9d20acb361d78f476e9ad2b4c9ae118 (patch)
treec535faf7c50b03bc9b17e9868e50a65c2b9df423 /.gitlab-ci.yml
parente4c8a84d7aa28112c4f9bf41390edf04675ebcef (diff)
downloadgitlab-ce-a3617fb8b9d20acb361d78f476e9ad2b4c9ae118.tar.gz
Update Security Products jobs definitions
Diffstat (limited to '.gitlab-ci.yml')
-rw-r--r--.gitlab-ci.yml42
1 files changed, 38 insertions, 4 deletions
diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index 4659722854e..2249115e82a 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -735,16 +735,50 @@ codequality:
expire_in: 1 week
sast:
- <<: *except-docs
- image: registry.gitlab.com/gitlab-org/gl-sast:latest
+ <<: *dedicated-no-docs-no-db-pull-cache-job
+ image: docker:stable
variables:
- CONFIDENCE_LEVEL: 2
+ SAST_CONFIDENCE_LEVEL: 2
+ DOCKER_DRIVER: overlay2
+ allow_failure: true
+ tags: []
before_script: []
+ cache: {}
+ dependencies: []
+ services:
+ - docker:stable-dind
script:
- - /app/bin/run .
+ - export SP_VERSION=$(echo "$CI_SERVER_VERSION" | sed 's/^\([0-9]*\)\.\([0-9]*\).*/\1-\2-stable/')
+ - docker run
+ --env SAST_CONFIDENCE_LEVEL="${SAST_CONFIDENCE_LEVEL:-3}"
+ --volume "$PWD:/code"
+ --volume /var/run/docker.sock:/var/run/docker.sock
+ "registry.gitlab.com/gitlab-org/security-products/sast:$SP_VERSION" /app/bin/run /code
artifacts:
paths: [gl-sast-report.json]
+dependency_scanning:
+ <<: *dedicated-no-docs-no-db-pull-cache-job
+ image: docker:stable
+ variables:
+ DOCKER_DRIVER: overlay2
+ allow_failure: true
+ tags: []
+ before_script: []
+ cache: {}
+ dependencies: []
+ services:
+ - docker:stable-dind
+ script:
+ - export SP_VERSION=$(echo "$CI_SERVER_VERSION" | sed 's/^\([0-9]*\)\.\([0-9]*\).*/\1-\2-stable/')
+ - docker run
+ --env DEP_SCAN_DISABLE_REMOTE_CHECKS="${DEP_SCAN_DISABLE_REMOTE_CHECKS:-false}"
+ --volume "$PWD:/code"
+ --volume /var/run/docker.sock:/var/run/docker.sock
+ "registry.gitlab.com/gitlab-org/security-products/dependency-scanning:$SP_VERSION" /code
+ artifacts:
+ paths: [gl-dependency-scanning-report.json]
+
qa:internal:
<<: *dedicated-no-docs-no-db-pull-cache-job
services: []