author | Victor Zagorodny <vzagorodny@gitlab.com> | 2019-03-01 20:52:55 +0200 |
---|---|---|
committer | Victor Zagorodny <vzagorodny@gitlab.com> | 2019-03-07 18:56:48 +0200 |
commit | 93a9eb99804be6f8973947bd145b6d168dc1418c (patch) | |
tree | b1df45581d40fc00d682a41b77ceb01593b9b6d0 | |
parent | 7aa3c9b30fc82e91a6b0f72b52343cd935740ee3 (diff) | |
Add vendored CI/CD template for SAST job (8660-add-ci-template-for-sast-ce)
-rw-r--r-- | lib/gitlab/ci/templates/Security/SAST.gitlab-ci.yml | 46 |
1 files changed, 46 insertions, 0 deletions
diff --git a/lib/gitlab/ci/templates/Security/SAST.gitlab-ci.yml b/lib/gitlab/ci/templates/Security/SAST.gitlab-ci.yml
new file mode 100644
index 00000000000..92492b8ebc8
--- /dev/null
+++ b/lib/gitlab/ci/templates/Security/SAST.gitlab-ci.yml
@@ -0,0 +1,46 @@
+# Read more about this feature here: https://docs.gitlab.com/ee/user/project/merge_requests/sast.html
+#
+# Configure the scanning tool through the environment variables.
+# List of the variables: https://gitlab.com/gitlab-org/security-products/sast#settings
+# How to set: https://docs.gitlab.com/ee/ci/yaml/#variables
+
+stages:
+ - test
+
+sast:
+ stage: test
+ image: docker:stable
+ variables:
+ DOCKER_DRIVER: overlay2
+ allow_failure: true
+ services:
+ - docker:stable-dind
+ script:
+ - export SAST_VERSION=${SP_VERSION:-$(echo "$CI_SERVER_VERSION" | sed 's/^\([0-9]*\)\.\([0-9]*\).*/\1-\2-stable/')}
+ - |
+ docker run \
+ --env SAST_ANALYZER_IMAGES \
+ --env SAST_ANALYZER_IMAGE_PREFIX \
+ --env SAST_ANALYZER_IMAGE_TAG \
+ --env SAST_DEFAULT_ANALYZERS \
+ --env SAST_BRAKEMAN_LEVEL \
+ --env SAST_GOSEC_LEVEL \
+ --env SAST_FLAWFINDER_LEVEL \
+ --env SAST_DOCKER_CLIENT_NEGOTIATION_TIMEOUT \
+ --env SAST_PULL_ANALYZER_IMAGE_TIMEOUT \
+ --env SAST_RUN_ANALYZER_TIMEOUT \
+ --volume "$PWD:/code" \
+ --volume /var/run/docker.sock:/var/run/docker.sock \
+ "registry.gitlab.com/gitlab-org/security-products/sast:$SAST_VERSION" /app/bin/run /code
+ artifacts:
+ reports:
+ sast: gl-sast-report.json
+ dependencies: []
+ only:
+ refs:
+ - branches
+ variables:
+ - $GITLAB_FEATURES =~ /\bsast\b/
+ except:
+ variables:
+ - $SAST_DISABLED |
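Review bot: The `docker run` step mounts `/var/run/docker.sock` into the SAST image and depends on the `docker:stable-dind` service, so the job presumably needs a privileged runner and the analyzer container gets full control of that Docker daemon; the header comments say nothing about this. Both `docker:stable` and the `$SAST_VERSION` tag (an `N-N-stable` string derived from `$CI_SERVER_VERSION`) are mutable tags, and `SAST_ANALYZER_IMAGES` / `SAST_ANALYZER_IMAGE_PREFIX` are passed through from CI variables, so which images run with that socket is decided outside this file. I would add a header comment such as `# Requires a runner that allows Docker-in-Docker; the analyzer is given the Docker socket, so restrict who can set the SAST_ANALYZER_IMAGE* variables.` Separately, with `allow_failure: true` a failed image pull or an unexpected `$CI_SERVER_VERSION` value leaves the pipeline green with no `gl-sast-report.json`, which is worth stating in the same comment so a missing report is not read as a clean scan.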