diff options
Diffstat (limited to 'vendor/gitlab-ci-yml/Auto-DevOps.gitlab-ci.yml')
-rw-r--r-- | vendor/gitlab-ci-yml/Auto-DevOps.gitlab-ci.yml | 25 |
1 files changed, 25 insertions, 0 deletions
diff --git a/vendor/gitlab-ci-yml/Auto-DevOps.gitlab-ci.yml b/vendor/gitlab-ci-yml/Auto-DevOps.gitlab-ci.yml index 06473fba8e1..75de266369d 100644 --- a/vendor/gitlab-ci-yml/Auto-DevOps.gitlab-ci.yml +++ b/vendor/gitlab-ci-yml/Auto-DevOps.gitlab-ci.yml @@ -112,6 +112,19 @@ sast: - sast . artifacts: paths: [gl-sast-report.json] + +sast:container: + image: docker:latest + variables: + DOCKER_DRIVER: overlay2 + allow_failure: true + services: + - docker:dind + script: + - setup_docker + - sast_container + artifacts: + paths: [gl-sast-container-report.json] review: stage: review @@ -247,6 +260,18 @@ production: export CI_APPLICATION_TAG=$CI_COMMIT_SHA export CI_CONTAINER_NAME=ci_job_build_${CI_JOB_ID} export TILLER_NAMESPACE=$KUBE_NAMESPACE + + function sast_container() { + docker run -d --name db arminc/clair-db:latest + docker run -p 6060:6060 --link db:postgres -d --name clair arminc/clair-local-scan:v2.0.1 + apk add -U wget ca-certificates + docker pull ${CI_APPLICATION_REPOSITORY}:${CI_APPLICATION_TAG} + wget https://github.com/arminc/clair-scanner/releases/download/v6/clair-scanner_linux_386 + mv clair-scanner_linux_386 clair-scanner + chmod +x clair-scanner + touch clair-whitelist.yml + ./clair-scanner -c http://docker:6060 --ip $(hostname -i) -r gl-sast-container-report.json -l clair.log -w clair-whitelist.yml ${CI_APPLICATION_REPOSITORY}:${CI_APPLICATION_TAG} || true + } function codeclimate() { cc_opts="--env CODECLIMATE_CODE="$PWD" \ |