authorOlivier Gonzalez <ogonzalez@gitlab.com>2018-04-10 12:59:22 +0000
committerDmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>2018-04-10 12:59:22 +0000
commita3617fb8b9d20acb361d78f476e9ad2b4c9ae118 (patch)
treec535faf7c50b03bc9b17e9868e50a65c2b9df423
parente4c8a84d7aa28112c4f9bf41390edf04675ebcef (diff)
downloadgitlab-ce-a3617fb8b9d20acb361d78f476e9ad2b4c9ae118.tar.gz
Update Security Products jobs definitions
-rw-r--r--.gitlab-ci.yml42
1 files changed, 38 insertions, 4 deletions
diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index 4659722854e..2249115e82a 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -735,16 +735,50 @@ codequality:
expire_in: 1 week
sast:
- <<: *except-docs
- image: registry.gitlab.com/gitlab-org/gl-sast:latest
+ <<: *dedicated-no-docs-no-db-pull-cache-job
+ image: docker:stable
variables:
- CONFIDENCE_LEVEL: 2
+ SAST_CONFIDENCE_LEVEL: 2
+ DOCKER_DRIVER: overlay2
+ allow_failure: true
+ tags: []
before_script: []
+ cache: {}
+ dependencies: []
+ services:
+ - docker:stable-dind
script:
- - /app/bin/run .
+ - export SP_VERSION=$(echo "$CI_SERVER_VERSION" | sed 's/^\([0-9]*\)\.\([0-9]*\).*/\1-\2-stable/')
+ - docker run
+ --env SAST_CONFIDENCE_LEVEL="${SAST_CONFIDENCE_LEVEL:-3}"
+ --volume "$PWD:/code"
+ --volume /var/run/docker.sock:/var/run/docker.sock
+ "registry.gitlab.com/gitlab-org/security-products/sast:$SP_VERSION" /app/bin/run /code
artifacts:
paths: [gl-sast-report.json]
+dependency_scanning:
+ <<: *dedicated-no-docs-no-db-pull-cache-job
+ image: docker:stable
+ variables:
+ DOCKER_DRIVER: overlay2
+ allow_failure: true
+ tags: []
+ before_script: []
+ cache: {}
+ dependencies: []
+ services:
+ - docker:stable-dind
+ script:
+ - export SP_VERSION=$(echo "$CI_SERVER_VERSION" | sed 's/^\([0-9]*\)\.\([0-9]*\).*/\1-\2-stable/')
+ - docker run
+ --env DEP_SCAN_DISABLE_REMOTE_CHECKS="${DEP_SCAN_DISABLE_REMOTE_CHECKS:-false}"
+ --volume "$PWD:/code"
+ --volume /var/run/docker.sock:/var/run/docker.sock
+ "registry.gitlab.com/gitlab-org/security-products/dependency-scanning:$SP_VERSION" /code
+ artifacts:
+ paths: [gl-dependency-scanning-report.json]
+
qa:internal:
<<: *dedicated-no-docs-no-db-pull-cache-job
services: []
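Review bot: Both new `docker run` commands (in `sast` and `dependency_scanning`) mount `/var/run/docker.sock` into an image selected by the mutable tag `$SP_VERSION`, so whatever the `X-Y-stable` tag resolves to at run time gets control of the job's dind daemon. A comment above each mount should record that, for example `# scanner gets the daemon socket; the X-Y-stable tag is mutable, so the image is trusted code`, and pinning the image by digest would remove the tag drift where the release process allows it. Separately, `sed` passes `$CI_SERVER_VERSION` through unchanged when it does not match the `N.N` pattern, and with `allow_failure: true` a bad tag or failed pull shows only as a warning, so the scan can be skipped without blocking the pipeline. A guard after the export, such as `- case "$SP_VERSION" in *-stable) ;; *) exit 1 ;; esac`, would make that failure explicit in the job log. The `${SAST_CONFIDENCE_LEVEL:-3}` fallback also differs from the `2` set under `variables`, so removing the variable would silently change the threshold.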