Diffstat (limited to 'lib/gitlab/ci/templates/Indeni.Cloudrail.gitlab-ci-.yml')
-rw-r--r-- | lib/gitlab/ci/templates/Indeni.Cloudrail.gitlab-ci-.yml | 91 |
1 files changed, 0 insertions, 91 deletions
diff --git a/lib/gitlab/ci/templates/Indeni.Cloudrail.gitlab-ci-.yml b/lib/gitlab/ci/templates/Indeni.Cloudrail.gitlab-ci-.yml
deleted file mode 100644
index c7fb1321055..00000000000
--- a/lib/gitlab/ci/templates/Indeni.Cloudrail.gitlab-ci-.yml
+++ /dev/null
@@ -1,91 +0,0 @@
-# This template is provided and maintained by Indeni, an official Technology Partner with GitLab.
-# See https://about.gitlab.com/partners/technology-partners/#security for more information.
-
-# For more information about Indeni Cloudrail: https://indeni.com/cloudrail/
-#
-# This file shows an example of using Indeni Cloudrail with GitLab CI/CD.
-# It is not designed to be included in an existing CI/CD configuration with the "include:" keyword.
-# Documentation about this integration: https://indeni.com/doc-indeni-cloudrail/integrate-with-ci-cd/gitlab-instructions
-#
-# For an example of this used in a GitLab repository, see: https://gitlab.com/indeni/cloudrail-demo/-/blob/master/.gitlab-ci.yml
-
-# The sast-report output complies with GitLab's format. This report displays Cloudrail's
-# results in the Security tab in the pipeline view, if you have that feature enabled
-# (GitLab Ultimate only). Otherwise, Cloudrail generates a JUnit report, which displays
-# in the "Test summary" in merge requests.
-
-# Note that Cloudrail's input is the Terraform plan. That is why we've included in this
-# template an example of doing that. You are welcome to replace it with your own way
-# of generating a Terraform plan.
-
-# Before you can use this template, get a Cloudrail API key from the Cloudrail web
-# user interface. Save it as a CI/CD variable named CLOUDRAIL_API_KEY in your project
-# settings.
-
-variables:
- TEST_ROOT: ${CI_PROJECT_DIR}/my_folder_with_terraform_content
-
-default:
- before_script:
- - cd ${CI_PROJECT_DIR}/my_folder_with_terraform_content
-
-stages:
- - init_and_plan
- - cloudrail
-
-init_and_plan:
- stage: init_and_plan
- image: registry.gitlab.com/gitlab-org/terraform-images/releases/0.13
- rules:
- - if: $SAST_DISABLED
- when: never
- - if: $CI_COMMIT_BRANCH
- exists:
- - '**/*.tf'
- script:
- - terraform init
- - terraform plan -out=plan.out
- artifacts:
- name: "$CI_COMMIT_BRANCH-terraform_plan"
- paths:
- - ./**/plan.out
- - ./**/.terraform
-
-cloudrail_scan:
- stage: cloudrail
- image: indeni/cloudrail-cli:1.2.44
- rules:
- - if: $SAST_DISABLED
- when: never
- - if: $CI_COMMIT_BRANCH
- exists:
- - '**/*.tf'
- script:
- - |
- if [[ "${GITLAB_FEATURES}" == *"security_dashboard"* ]]; then
- echo "You are licensed for GitLab Security Dashboards. Your scan results will display in the Security Dashboard."
- cloudrail run --tf-plan plan.out \
- --directory . \
- --api-key ${CLOUDRAIL_API_KEY} \
- --origin ci \
- --build-link "$CI_PROJECT_URL/-/jobs/$CI_JOB_ID" \
- --execution-source-identifier "$CI_COMMIT_BRANCH - $CI_JOB_ID" \
- --output-format json-gitlab-sast \
- --output-file ${CI_PROJECT_DIR}/cloudrail-sast-report.json \
- --auto-approve
- else
- echo "Your scan results will display in the GitLab Test results visualization panel."
- cloudrail run --tf-plan plan.out \
- --directory . \
- --api-key ${CLOUDRAIL_API_KEY} \
- --origin ci \
- --build-link "$CI_PROJECT_URL/-/jobs/$CI_JOB_ID" \
- --execution-source-identifier "$CI_COMMIT_BRANCH - $CI_JOB_ID" \
- --output-format junit \
- --output-file ${CI_PROJECT_DIR}/cloudrail-junit-report.xml \
- --auto-approve
- fi
- artifacts:
- reports:
- sast: cloudrail-sast-report.json
- junit: cloudrail-junit-report.xml |