Diffstat (limited to '.gitlab/ci/reports.gitlab-ci.yml')
-rw-r--r--.gitlab/ci/reports.gitlab-ci.yml34
1 files changed, 25 insertions, 9 deletions
diff --git a/.gitlab/ci/reports.gitlab-ci.yml b/.gitlab/ci/reports.gitlab-ci.yml
index 4cc03fdb1a4..690a971927c 100644
--- a/.gitlab/ci/reports.gitlab-ci.yml
+++ b/.gitlab/ci/reports.gitlab-ci.yml
@@ -74,33 +74,35 @@ gemnasium-dependency_scanning:
- apk add jq
# Lower execa severity based on https://gitlab.com/gitlab-org/gitlab/-/issues/223859#note_452922390
- jq '(.vulnerabilities[] | select (.cve == "yarn.lock:execa:gemnasium:05cfa2e8-2d0c-42c1-8894-638e2f12ff3d")).severity = "Medium"' gl-dependency-scanning-report.json > temp.json && mv temp.json gl-dependency-scanning-report.json
- rules: !reference [".reports:rules:dependency_scanning", rules]
+ rules: !reference [".reports:rules:gemnasium-dependency_scanning", rules]
bundler-audit-dependency_scanning:
- rules: !reference [".reports:rules:dependency_scanning", rules]
+ rules: !reference [".reports:rules:bundler-audit-dependency_scanning", rules]
retire-js-dependency_scanning:
- rules: !reference [".reports:rules:dependency_scanning", rules]
+ rules: !reference [".reports:rules:retire-js-dependency_scanning", rules]
gemnasium-python-dependency_scanning:
- rules: !reference [".reports:rules:dependency_scanning", rules]
+ rules: !reference [".reports:rules:gemnasium-python-dependency_scanning", rules]
# Analyze dependencies for malicious behavior
# See https://gitlab.com/gitlab-com/gl-security/security-research/package-hunter
-package_hunter:
+.package_hunter-base:
extends:
- .default-retry
- - .reports:rules:package_hunter
stage: test
image:
- name: registry.gitlab.com/gitlab-com/gl-security/security-research/package-hunter-cli:latest
+ name: registry.gitlab.com/gitlab-com/gl-security/security-research/package-hunter-cli:1.1.0
entrypoint: [""]
+ variables:
+ DEBUG: '*'
+ HTR_user: '$PACKAGE_HUNTER_USER'
+ HTR_pass: '$PACKAGE_HUNTER_PASS'
needs: []
allow_failure: true
- script:
+ before_script:
- rm -r spec locale .git app/assets/images doc/
- cd .. && tar -I "gzip --best" -cf gitlab.tgz gitlab/
- - DEBUG=* HTR_user=$PACKAGE_HUNTER_USER HTR_pass=$PACKAGE_HUNTER_PASS node /usr/src/app/cli.js analyze --format gitlab gitlab.tgz | tee $CI_PROJECT_DIR/gl-dependency-scanning-report.json
artifacts:
paths:
- gl-dependency-scanning-report.json
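Review bot: The `name:` line of `.package_hunter-base` pins the analyzer to the mutable tag `package-hunter-cli:1.1.0`, so the image that receives the full repository tarball and the `HTR_*` credentials can still change underneath the pipeline without any diff here; adding a digest, `name: registry.gitlab.com/gitlab-com/gl-security/security-research/package-hunter-cli:1.1.0@sha256:<digest-of-1.1.0>` (placeholder for the real digest), makes the pull reproducible and the upgrade reviewable. Moving the credentials into `variables:` also places `HTR_user`/`HTR_pass` in the environment of every command in the job rather than only the `node` invocation, while `DEBUG: '*'` is now set for every run; it is worth confirming that the CLI's debug output does not echo those values into the job log. The `.package_hunter-base` definition continues past the end of this hunk.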
@@ -108,6 +110,20 @@ package_hunter:
dependency_scanning: gl-dependency-scanning-report.json
expire_in: 1 week
+package_hunter-yarn:
+ extends:
+ - .package_hunter-base
+ - .reports:rules:package_hunter-yarn
+ script:
+ - node /usr/src/app/cli.js analyze --format gitlab --manager yarn gitlab.tgz | tee $CI_PROJECT_DIR/gl-dependency-scanning-report.json
+
+package_hunter-bundler:
+ extends:
+ - .package_hunter-base
+ - .reports:rules:package_hunter-bundler
+ script:
+ - node /usr/src/app/cli.js analyze --format gitlab --manager bundler gitlab.tgz | tee $CI_PROJECT_DIR/gl-dependency-scanning-report.json
+
license_scanning:
extends: .default-retry
needs: []