author | Olivier Gonzalez <ogonzalez@gitlab.com> | 2018-04-11 13:10:13 +0000 |
---|---|---|
committer | Rémy Coutable <remy@rymai.me> | 2018-04-11 13:10:13 +0000 |
commit | ce62ef0a68dd57d04377cb8231a294aaa9b278a0 (patch) | |
tree | 70cd8170945c32c6c27b25e26cbda1c71ee3c181 /.gitlab-ci.yml | |
parent | 3a83767f650f996ef37382a21d05d8ed99873aa1 (diff) | |
download | gitlab-shell-ce62ef0a68dd57d04377cb8231a294aaa9b278a0.tar.gz |
Setup security products.
Diffstat (limited to '.gitlab-ci.yml')
-rw-r--r-- | .gitlab-ci.yml | 56 |
1 files changed, 45 insertions, 11 deletions
diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index c72d00b..7759390 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -15,7 +15,7 @@ rspec: - tags rubocop: - script: + script: - bundle exec rubocop tags: - ruby 
@@ -57,23 +57,57 @@ go:1.8: <<: *go_definition image: golang:1.8 -codeclimate: - before_script: [] - image: docker:latest +codequality: + image: docker:stable variables: - DOCKER_DRIVER: overlay + DOCKER_DRIVER: overlay2 + allow_failure: true services: - - docker:dind + - docker:stable-dind + before_script: [] script: - - docker pull codeclimate/codeclimate - - docker run --env CODECLIMATE_CODE="$PWD" --volume "$PWD":/code --volume /var/run/docker.sock:/var/run/docker.sock --volume /tmp/cc:/tmp/cc codeclimate/codeclimate analyze -f json > codeclimate.json + - export SP_VERSION=$(echo "$CI_SERVER_VERSION" | sed 's/^\([0-9]*\)\.\([0-9]*\).*/\1-\2-stable/') + - docker run + --env SOURCE_CODE="$PWD" + --volume "$PWD":/code + --volume /var/run/docker.sock:/var/run/docker.sock + "registry.gitlab.com/gitlab-org/security-products/codequality:$SP_VERSION" /code artifacts: paths: [codeclimate.json] + sast: + image: docker:stable + variables: + DOCKER_DRIVER: overlay2 + allow_failure: true + services: + - docker:stable-dind + before_script: [] + script: + - export SP_VERSION=$(echo "$CI_SERVER_VERSION" | sed 's/^\([0-9]*\)\.\([0-9]*\).*/\1-\2-stable/') + - docker run + --env SAST_CONFIDENCE_LEVEL="${SAST_CONFIDENCE_LEVEL:-3}" + --volume "$PWD:/code" + --volume /var/run/docker.sock:/var/run/docker.sock + "registry.gitlab.com/gitlab-org/security-products/sast:$SP_VERSION" /app/bin/run /code + artifacts: + paths: [gl-sast-report.json] + +dependency_scanning: + image: docker:stable + variables: + DOCKER_DRIVER: overlay2 + allow_failure: true + services: + - docker:stable-dind before_script: [] - image: registry.gitlab.com/gitlab-org/gl-sast:latest script: - - /app/bin/run . 
+ - export SP_VERSION=$(echo "$CI_SERVER_VERSION" | sed 's/^\([0-9]*\)\.\([0-9]*\).*/\1-\2-stable/') + - docker run + --env DEP_SCAN_DISABLE_REMOTE_CHECKS="${DEP_SCAN_DISABLE_REMOTE_CHECKS:-false}" + --volume "$PWD:/code" + --volume /var/run/docker.sock:/var/run/docker.sock + "registry.gitlab.com/gitlab-org/security-products/dependency-scanning:$SP_VERSION" /code artifacts: - paths: [gl-sast-report.json]
\ No newline at end of file + paths: [gl-dependency-scanning-report.json]
\ No newline at end of file |
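Review bot: The three `docker run` steps (codequality, sast, dependency_scanning) pull an image by the mutable tag `$SP_VERSION` and mount `/var/run/docker.sock` into it, so whatever currently sits behind `X-Y-stable` in the registry gets control of the Docker daemon the job talks to, in addition to the checked-out source. The tag is also unvalidated: if `CI_SERVER_VERSION` is empty or not in `major.minor…` form, the sed expression passes it through unchanged and the pull fails, and `allow_failure: true` then leaves the pipeline green with no report artifact. I would add a guard after each export, e.g. `- echo "$SP_VERSION" | grep -Eq '^[0-9]+-[0-9]+-stable$' || exit 1`, and a comment above `allow_failure: true` stating that scanner failures are non-blocking by design, so a missing `gl-sast-report.json` or `gl-dependency-scanning-report.json` has to be noticed by a person. The identical export line appears three times; a shared anchor, like the existing `*go_definition`, would keep the jobs from drifting apart.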