author | Robert Speicher <robert@gitlab.com> | 2018-01-30 01:36:23 +0000 |
---|---|---|
committer | Robert Speicher <robert@gitlab.com> | 2018-01-30 01:36:23 +0000 |
commit | 26c1eb1d8259d50c76ed3aeba78bf08672df07b5 (patch) | |
tree | bb970606581e8e9de75c66c7bb60eb3594bc94b6 | |
parent | 7a517b99a536362df4acd324897c30a1cb32dba7 (diff) | |
parent | 61f2224873bfdc54ce78bdd92a97c026f48841dd (diff) | |
download | gitlab-ce-26c1eb1d8259d50c76ed3aeba78bf08672df07b5.tar.gz |
Merge branch 'vendor-auto-devops-template-in-10-4' into '10-4-stable'
Update Auto-DevOps.gitlab-ci.yml
[ci skip]
See merge request gitlab-org/gitlab-ce!16691
-rw-r--r-- | changelogs/unreleased/42268-vendor-auto-devops-template-in-10-4.yml | 5 | ||||
-rw-r--r-- | vendor/gitlab-ci-yml/Auto-DevOps.gitlab-ci.yml | 32 |
2 files changed, 34 insertions, 3 deletions
diff --git a/changelogs/unreleased/42268-vendor-auto-devops-template-in-10-4.yml b/changelogs/unreleased/42268-vendor-auto-devops-template-in-10-4.yml
new file mode 100644
index 00000000000..48e2a5c0820
--- /dev/null
+++ b/changelogs/unreleased/42268-vendor-auto-devops-template-in-10-4.yml
@@ -0,0 +1,5 @@
+---
+title: Vendor Auto DevOps template with DAST security checks enabled
+merge_request: 16691
+author:
+type: changed
diff --git a/vendor/gitlab-ci-yml/Auto-DevOps.gitlab-ci.yml b/vendor/gitlab-ci-yml/Auto-DevOps.gitlab-ci.yml
index 7046932342b..e56cdd411c0 100644
--- a/vendor/gitlab-ci-yml/Auto-DevOps.gitlab-ci.yml
+++ b/vendor/gitlab-ci-yml/Auto-DevOps.gitlab-ci.yml
@@ -42,6 +42,7 @@ stages:
 - build
 - test
 - review
+ - dast
 - staging
 - canary
 - production
@@ -130,6 +131,23 @@ sast:container:
 artifacts:
 paths: [gl-sast-container-report.json]
+dast:
+ stage: dast
+ allow_failure: true
+ image: owasp/zap2docker-stable
+ variables:
+ POSTGRES_DB: "false"
+ script:
+ - dast
+ artifacts:
+ paths: [gl-dast-report.json]
+ only:
+ refs:
+ - branches
+ kubernetes: active
+ except:
+ - master
+
 review:
 stage: review
 script:
@@ -270,8 +288,8 @@ production:
 docker run -p 6060:6060 --link db:postgres -d --name clair arminc/clair-local-scan:v2.0.1
 apk add -U wget ca-certificates
 docker pull ${CI_APPLICATION_REPOSITORY}:${CI_APPLICATION_TAG}
- wget https://github.com/arminc/clair-scanner/releases/download/v6/clair-scanner_linux_386
- mv clair-scanner_linux_386 clair-scanner
+ wget https://github.com/arminc/clair-scanner/releases/download/v8/clair-scanner_linux_amd64
+ mv clair-scanner_linux_amd64 clair-scanner
 chmod +x clair-scanner
 touch clair-whitelist.yml
 ./clair-scanner -c http://docker:6060 --ip $(hostname -i) -r gl-sast-container-report.json -l clair.log -w clair-whitelist.yml ${CI_APPLICATION_REPOSITORY}:${CI_APPLICATION_TAG} || true
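Review bot: The new `dast` job pulls `owasp/zap2docker-stable` by a mutable tag, so every project that uses this vendored template runs whatever image that tag resolves to at pipeline time. Pinning by digest, `image: owasp/zap2docker-stable@sha256:<digest-placeholder>`, makes the scanner version reviewable and the results reproducible. Separately, `allow_failure: true` combined with the `|| true` in the `dast` shell function means this job can never block a merge; a comment on the job such as `# DAST is advisory: findings land in gl-dast-report.json and are not enforced` would make that intent explicit.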
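Review bot: The `clair-scanner` binary is still fetched with `wget`, made executable and run without any integrity check; moving to `v8`/`linux_amd64` changes which release asset is trusted but not how it is trusted. A checksum step before the `mv`, for example `echo "<expected-sha256>  clair-scanner_linux_amd64" | sha256sum -c -`, would keep the job from executing a replaced or truncated download. The enclosing shell function starts and ends outside this hunk, so whether the shell aborts when that check fails cannot be confirmed from the visible lines.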
@@ -473,6 +491,14 @@ production:
 -o yaml --dry-run | kubectl replace -n "$KUBE_NAMESPACE" --force -f -
 }
+ function dast() {
+ export CI_ENVIRONMENT_URL=$(cat environment_url.txt)
+
+ mkdir /zap/wrk/
+ /zap/zap-baseline.py -J gl-dast-report.json -t "$CI_ENVIRONMENT_URL" || true
+ cp /zap/wrk/gl-dast-report.json .
+ }
+
 function performance() {
 export CI_ENVIRONMENT_URL=$(cat environment_url.txt)
@@ -510,4 +536,4 @@ production:
 }
 before_script:
- - *auto_devops
+ - *auto_devops
\ No newline at end of file |
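Review bot: In the new `dast()` function (hunk at -473), `|| true` after `/zap/zap-baseline.py` discards every exit status, so a scan that could not run at all looks the same as one that ran and reported alerts. If the baseline script's documented codes apply to the image in use (1 and 2 for alerts, 3 for other failures; worth confirming), `... -t "$CI_ENVIRONMENT_URL" || rc=$?` followed by `[ "${rc:-0}" -le 2 ] || return "$rc"` keeps findings non-blocking while surfacing real scanner errors. The target is read from `environment_url.txt`, which is produced outside this hunk; a guard such as `[ -n "$CI_ENVIRONMENT_URL" ] || return 1` avoids launching the scanner with an empty target.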