From a3617fb8b9d20acb361d78f476e9ad2b4c9ae118 Mon Sep 17 00:00:00 2001 From: Olivier Gonzalez Date: Tue, 10 Apr 2018 12:59:22 +0000 Subject: Update Security Products jobs definitions --- .gitlab-ci.yml | 42 ++++++++++++++++++++++++++++++++++++++---- 1 file changed, 38 insertions(+), 4 deletions(-) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 4659722854e..2249115e82a 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -735,16 +735,50 @@ codequality: expire_in: 1 week sast: - <<: *except-docs - image: registry.gitlab.com/gitlab-org/gl-sast:latest + <<: *dedicated-no-docs-no-db-pull-cache-job + image: docker:stable variables: - CONFIDENCE_LEVEL: 2 + SAST_CONFIDENCE_LEVEL: 2 + DOCKER_DRIVER: overlay2 + allow_failure: true + tags: [] before_script: [] + cache: {} + dependencies: [] + services: + - docker:stable-dind script: - - /app/bin/run . + - export SP_VERSION=$(echo "$CI_SERVER_VERSION" | sed 's/^\([0-9]*\)\.\([0-9]*\).*/\1-\2-stable/') + - docker run + --env SAST_CONFIDENCE_LEVEL="${SAST_CONFIDENCE_LEVEL:-3}" + --volume "$PWD:/code" + --volume /var/run/docker.sock:/var/run/docker.sock + "registry.gitlab.com/gitlab-org/security-products/sast:$SP_VERSION" /app/bin/run /code artifacts: paths: [gl-sast-report.json] +dependency_scanning: + <<: *dedicated-no-docs-no-db-pull-cache-job + image: docker:stable + variables: + DOCKER_DRIVER: overlay2 + allow_failure: true + tags: [] + before_script: [] + cache: {} + dependencies: [] + services: + - docker:stable-dind + script: + - export SP_VERSION=$(echo "$CI_SERVER_VERSION" | sed 's/^\([0-9]*\)\.\([0-9]*\).*/\1-\2-stable/') + - docker run + --env DEP_SCAN_DISABLE_REMOTE_CHECKS="${DEP_SCAN_DISABLE_REMOTE_CHECKS:-false}" + --volume "$PWD:/code" + --volume /var/run/docker.sock:/var/run/docker.sock + "registry.gitlab.com/gitlab-org/security-products/dependency-scanning:$SP_VERSION" /code + artifacts: + paths: [gl-dependency-scanning-report.json] + qa:internal: <<: *dedicated-no-docs-no-db-pull-cache-job services: [] -- cgit v1.2.1