path: root/doc/user/application_security/dependency_scanning/analyzers.md
author: GitLab Bot <gitlab-bot@gitlab.com> 2020-04-09 21:09:19 +0000
committer: GitLab Bot <gitlab-bot@gitlab.com> 2020-04-09 21:09:19 +0000
commit: 254ec28f5448f6f353cd98f637985de3d1405854 (patch)
tree: 1c84ed7b7dd32db96454af034cd6c7e90699e76d /doc/user/application_security/dependency_scanning/analyzers.md
parent: 141902c04943d5fb43c014b8cf42af60a3bc0cdf (diff)
download: gitlab-ce-254ec28f5448f6f353cd98f637985de3d1405854.tar.gz
Add latest changes from gitlab-org/gitlab@master
Diffstat (limited to 'doc/user/application_security/dependency_scanning/analyzers.md')
-rw-r--r-- doc/user/application_security/dependency_scanning/analyzers.md 31
1 files changed, 28 insertions, 3 deletions
diff --git a/doc/user/application_security/dependency_scanning/analyzers.md b/doc/user/application_security/dependency_scanning/analyzers.md
index 3b4b341739b..26352f21cfb 100644
--- a/doc/user/application_security/dependency_scanning/analyzers.md
+++ b/doc/user/application_security/dependency_scanning/analyzers.md
@@ -83,8 +83,11 @@ That's needed when one totally relies on [custom analyzers](#custom-analyzers).
## Custom analyzers
-You can provide your own analyzers as a comma separated list of Docker images.
-Here's how to add `analyzers/nugget` and `analyzers/perl` to the default images.
+### Custom analyzers with Docker-in-Docker
+
+When Docker-in-Docker for Dependency Scanning is enabled,
+you can provide your own analyzers as a comma-separated list of Docker images.
+Here's how to add `analyzers/nuget` and `analyzers/perl` to the default images.
In `.gitlab-ci.yml` define:
```yaml
@@ -92,7 +95,7 @@ include:
template: Dependency-Scanning.gitlab-ci.yml
variables:
- DS_ANALYZER_IMAGES: "my-docker-registry/analyzers/nugget,amy-docker-registry/nalyzers/perl"
+ DS_ANALYZER_IMAGES: "my-docker-registry/analyzers/nuget,amy-docker-registry/analyzers/perl"
```
The values must be the full path to the container registry images,
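Review bot: the corrected line still carries a typo. It fixes `nalyzers` to `analyzers` but the second image is `amy-docker-registry/analyzers/perl`, while the first is `my-docker-registry/analyzers/nuget`; the registry prefix should match, so the value should read `"my-docker-registry/analyzers/nuget,my-docker-registry/analyzers/perl"`. Since the sentence right after the block says the values must be full paths to container registry images, a stray registry name here will be copied verbatim by readers and fail to pull.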
@@ -103,6 +106,28 @@ This configuration doesn't benefit from the integrated detection step. Dependenc
Scanning has to fetch and spawn each Docker image to establish whether the
custom analyzer can scan the source code.
+### Custom analyzers without Docker-in-Docker
+
+When Docker-in-Docker for Dependency Scanning is disabled, you can provide your own analyzers by
+defining CI jobs in your CI configuration. For consistency, you should suffix your custom Dependency
+Scanning jobs with `-dependency_scanning`. Here's how to add a scanning job that's based on the
+Docker image `my-docker-registry/analyzers/nuget` and generates a Dependency Scanning report
+`gl-dependency-scanning-report.json` when `/analyzer run` is executed. Define the following in
+`.gitlab-ci.yml`:
+
+```yaml
+nuget-dependency_scanning:
+ image:
+ name: "my-docker-registry/analyzers/nuget"
+ script:
+ - /analyzer run
+ artifacts:
+ reports:
+ dependency_scanning: gl-dependency-scanning-report.json
+```
+
+The [Security Scanner Integration](../../../development/integrations/secure.md) documentation explains how to integrate custom security scanners into GitLab.
+
## Analyzers data
The following table lists the data available for each official analyzer.
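Review bot: the sentence "generates a Dependency Scanning report `gl-dependency-scanning-report.json` when `/analyzer run` is executed" reads as though the job definition itself produces the report; reword to state that the image's `/analyzer run` command must write `gl-dependency-scanning-report.json` to the job's working directory so that the `artifacts:reports:dependency_scanning` declaration can collect it, since a scanner that writes elsewhere or under another name produces no report in GitLab. Two smaller points on the same hunk: the example job has no `stage`, so it runs in the default `test` stage; either say so or add `stage: test` explicitly so it lines up with the template's jobs. And "For consistency, you should suffix your custom Dependency Scanning jobs with `-dependency_scanning`" gives no reason for the convention; either explain what depends on the suffix or soften it to a recommendation.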