summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--lib/gitlab/ci/templates/Auto-DevOps.gitlab-ci.yml8
-rw-r--r--lib/gitlab/ci/templates/Jobs/DAST.gitlab-ci.yml54
-rw-r--r--lib/gitlab/ci/templates/Security/DAST.gitlab-ci.yml51
3 files changed, 51 insertions, 62 deletions
diff --git a/lib/gitlab/ci/templates/Auto-DevOps.gitlab-ci.yml b/lib/gitlab/ci/templates/Auto-DevOps.gitlab-ci.yml
index f786022beb0..b3eec2b6210 100644
--- a/lib/gitlab/ci/templates/Auto-DevOps.gitlab-ci.yml
+++ b/lib/gitlab/ci/templates/Auto-DevOps.gitlab-ci.yml
@@ -78,8 +78,14 @@ include:
- template: Jobs/Code-Quality.gitlab-ci.yml
- template: Jobs/Deploy.gitlab-ci.yml
- template: Jobs/Browser-Performance-Testing.gitlab-ci.yml
- - template: Jobs/DAST.gitlab-ci.yml
+ - template: Security/DAST.gitlab-ci.yml
- template: Security/Container-Scanning.gitlab-ci.yml
- template: Security/Dependency-Scanning.gitlab-ci.yml
- template: Security/License-Management.gitlab-ci.yml
- template: Security/SAST.gitlab-ci.yml
+
+# Override DAST job to exclude master branch
+dast:
+ except:
+ refs:
+ - master \ No newline at end of file
diff --git a/lib/gitlab/ci/templates/Jobs/DAST.gitlab-ci.yml b/lib/gitlab/ci/templates/Jobs/DAST.gitlab-ci.yml
deleted file mode 100644
index aedbbb21674..00000000000
--- a/lib/gitlab/ci/templates/Jobs/DAST.gitlab-ci.yml
+++ /dev/null
@@ -1,54 +0,0 @@
-dast:
- stage: dast
- image: docker:stable
- variables:
- DOCKER_DRIVER: overlay2
- allow_failure: true
- services:
- - docker:stable-dind
- script:
- - export DAST_WEBSITE=${DAST_WEBSITE:-$(cat environment_url.txt)}
- - export DAST_VERSION=${SP_VERSION:-$(echo "$CI_SERVER_VERSION" | sed 's/^\([0-9]*\)\.\([0-9]*\).*/\1-\2-stable/')}
- - |
- if ! docker info &>/dev/null; then
- if [ -z "$DOCKER_HOST" -a "$KUBERNETES_PORT" ]; then
- export DOCKER_HOST='tcp://localhost:2375'
- fi
- fi
- - |
- function dast_run() {
- docker run \
- --env DAST_TARGET_AVAILABILITY_TIMEOUT \
- --volume "$PWD:/output" \
- --volume /var/run/docker.sock:/var/run/docker.sock \
- -w /output \
- "registry.gitlab.com/gitlab-org/security-products/dast:$DAST_VERSION" \
- /analyze -t $DAST_WEBSITE \
- "$@"
- }
- - |
- if [ -n "$DAST_AUTH_URL" ]
- then
- dast_run \
- --auth-url $DAST_AUTH_URL \
- --auth-username $DAST_USERNAME \
- --auth-password $DAST_PASSWORD \
- --auth-username-field $DAST_USERNAME_FIELD \
- --auth-password-field $DAST_PASSWORD_FIELD
- else
- dast_run
- fi
- artifacts:
- reports:
- dast: gl-dast-report.json
- only:
- refs:
- - branches
- - tags
- variables:
- - $GITLAB_FEATURES =~ /\bdast\b/
- except:
- refs:
- - master
- variables:
- - $DAST_DISABLED
diff --git a/lib/gitlab/ci/templates/Security/DAST.gitlab-ci.yml b/lib/gitlab/ci/templates/Security/DAST.gitlab-ci.yml
index 770340de16f..2a90cc9a06c 100644
--- a/lib/gitlab/ci/templates/Security/DAST.gitlab-ci.yml
+++ b/lib/gitlab/ci/templates/Security/DAST.gitlab-ci.yml
@@ -4,12 +4,6 @@
# List of the variables: https://gitlab.com/gitlab-org/security-products/dast#settings
# How to set: https://docs.gitlab.com/ee/ci/yaml/#variables
-include:
- - template: Jobs/DAST.gitlab-ci.yml
-
-variables:
- DAST_WEBSITE: http://example.com # Please edit to be your website to scan for vulnerabilities
-
stages:
- build
- test
@@ -17,10 +11,53 @@ stages:
- dast
dast:
+ stage: dast
+ image: docker:stable
+ variables:
+ DOCKER_DRIVER: overlay2
+ allow_failure: true
+ services:
+ - docker:stable-dind
+ script:
+ - export DAST_WEBSITE=${DAST_WEBSITE:-$(cat environment_url.txt)}
+ - export DAST_VERSION=${SP_VERSION:-$(echo "$CI_SERVER_VERSION" | sed 's/^\([0-9]*\)\.\([0-9]*\).*/\1-\2-stable/')}
+ - |
+ if ! docker info &>/dev/null; then
+ if [ -z "$DOCKER_HOST" -a "$KUBERNETES_PORT" ]; then
+ export DOCKER_HOST='tcp://localhost:2375'
+ fi
+ fi
+ - |
+ function dast_run() {
+ docker run \
+ --env DAST_TARGET_AVAILABILITY_TIMEOUT \
+ --volume "$PWD:/output" \
+ --volume /var/run/docker.sock:/var/run/docker.sock \
+ -w /output \
+ "registry.gitlab.com/gitlab-org/security-products/dast:$DAST_VERSION" \
+ /analyze -t $DAST_WEBSITE \
+ "$@"
+ }
+ - |
+ if [ -n "$DAST_AUTH_URL" ]
+ then
+ dast_run \
+ --auth-url $DAST_AUTH_URL \
+ --auth-username $DAST_USERNAME \
+ --auth-password $DAST_PASSWORD \
+ --auth-username-field $DAST_USERNAME_FIELD \
+ --auth-password-field $DAST_PASSWORD_FIELD
+ else
+ dast_run
+ fi
+ artifacts:
+ reports:
+ dast: gl-dast-report.json
only:
refs:
- branches
+ variables:
+ - $GITLAB_FEATURES =~ /\bdast\b/
except:
- refs: [] # Override default from template
variables:
- $DAST_DISABLED