Diffstat (limited to 'lib/gitlab/ci/templates/Auto-DevOps.gitlab-ci.yml')
-rw-r--r-- | lib/gitlab/ci/templates/Auto-DevOps.gitlab-ci.yml | 32 |
1 files changed, 32 insertions, 0 deletions
diff --git a/lib/gitlab/ci/templates/Auto-DevOps.gitlab-ci.yml b/lib/gitlab/ci/templates/Auto-DevOps.gitlab-ci.yml
index 149506ea498..c90976b2040 100644
--- a/lib/gitlab/ci/templates/Auto-DevOps.gitlab-ci.yml
+++ b/lib/gitlab/ci/templates/Auto-DevOps.gitlab-ci.yml
@@ -19,6 +19,15 @@
 # * review: REVIEW_DISABLED
 # * stop_review: REVIEW_DISABLED
 #
+# The sast and sast_dashboard jobs are executed to guarantee full compatibility
+# with the group security dashboard and the security reports with old runners.
+# If you use only runners with version 11.5 or above, you can disable the sast
+# job by setting the OLD_REPORTS_DISABLED environment variable. If you use only
+# runners with version below 11.5, you can disable the sast_dashboard job by
+# setting the NEW_REPORTS_DISABLED environment variable.
+# The sast_dashboard job will be removed in the future, when the sast job will
+# use the new reports syntax.
+#
 # In order to deploy, you must have a Kubernetes cluster configured either
 # via a project integration, or via group/project variables.
 # AUTO_DEVOPS_DOMAIN must also be set as a variable at the group or project
@@ -173,6 +182,29 @@ sast:
 except:
 variables:
 - $SAST_DISABLED
+ - $OLD_REPORTS_DISABLED
+
+sast_dashboard:
+ stage: test
+ image: docker:stable
+ allow_failure: true
+ services:
+ - docker:stable-dind
+ script:
+ - setup_docker
+ - sast
+ artifacts:
+ reports:
+ sast: gl-sast-report.json
+ only:
+ refs:
+ - branches
+ variables:
+ - $GITLAB_FEATURES =~ /\bsast\b/
+ except:
+ variables:
+ - $SAST_DISABLED
+ - $NEW_REPORTS_DISABLED

 dependency_scanning:
 stage: test |
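Review bot: With `$OLD_REPORTS_DISABLED` added to the `sast` job's `except:` and `$NEW_REPORTS_DISABLED` on `sast_dashboard`, a project that sets both variables runs no SAST scan at all even though `SAST_DISABLED` is unset, and the pipeline still passes. As far as GitLab's variable expressions go, a bare `$VAR` matches any defined, non-empty value, so `OLD_REPORTS_DISABLED: "false"` would also skip the job. `sast_dashboard` additionally has `allow_failure: true`, so a scanner that crashes leaves no `gl-sast-report.json` and the dashboard would presumably show no findings rather than an error. I would state this in the header comment, e.g. `# Set at most one of OLD_REPORTS_DISABLED / NEW_REPORTS_DISABLED; any non-empty value disables the job, and setting both disables SAST entirely.` The `sast` job starts above this hunk, so its remaining keys are not visible here.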