author | Nick Thomas <nick@gitlab.com> | 2020-09-03 10:17:47 +0000 |
committer | Nick Thomas <nick@gitlab.com> | 2020-09-03 10:17:47 +0000 |
commit | 98b173cdaebf7b5256a855f7e6bae7f41c73517a (patch) | |
tree | 89f54ac2668f50093400fdbec7982513381a9944 | |
parent | 27c2ef12ea0738c860886ee06d1e6ea90996d1e3 (diff) | |
parent | 5252ad54a5b4f43a3af786347744a7afac731cc7 (diff) | |
Merge branch 'fix-security-scans' into 'master'
Fix SAST and Dependency Scanning
See merge request gitlab-org/gitlab-shell!410
-rw-r--r-- | .gitlab-ci.yml | 39 |
1 files changed, 13 insertions, 26 deletions
diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index 1e9365c..8b7c2a9 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -1,5 +1,7 @@
 include:
 - template: Code-Quality.gitlab-ci.yml
+ - template: Security/SAST.gitlab-ci.yml
+ - template: Security/Dependency-Scanning.gitlab-ci.yml
 
 variables:
 DOCKER_VERSION: "19.03.0"
@@ -67,32 +69,6 @@ code_quality:
 extends: .use-docker-in-docker
 rules: *workflow_rules
 
-sast:
- extends: .use-docker-in-docker
- allow_failure: true
- script:
- - export SP_VERSION=$(echo "$CI_SERVER_VERSION" | sed 's/^\([0-9]*\)\.\([0-9]*\).*/\1-\2-stable/')
- - docker run
- --env SAST_CONFIDENCE_LEVEL="${SAST_CONFIDENCE_LEVEL:-3}"
- --volume "$PWD:/code"
- --volume /var/run/docker.sock:/var/run/docker.sock
- "registry.gitlab.com/gitlab-org/security-products/sast:$SP_VERSION" /app/bin/run /code
- artifacts:
- paths: [gl-sast-report.json]
-
-dependency_scanning:
- extends: .use-docker-in-docker
- allow_failure: true
- script:
- - export SP_VERSION=$(echo "$CI_SERVER_VERSION" | sed 's/^\([0-9]*\)\.\([0-9]*\).*/\1-\2-stable/')
- - docker run
- --env DEP_SCAN_DISABLE_REMOTE_CHECKS="${DEP_SCAN_DISABLE_REMOTE_CHECKS:-false}"
- --volume "$PWD:/code"
- --volume /var/run/docker.sock:/var/run/docker.sock
- "registry.gitlab.com/gitlab-org/security-products/dependency-scanning:$SP_VERSION" /code
- artifacts:
- paths: [gl-dependency-scanning-report.json]
-
 code_navigation:
 image: sourcegraph/lsif-go:v1
 allow_failure: true
@@ -101,3 +77,14 @@ code_navigation:
 artifacts:
 reports:
 lsif: dump.lsif
+
+# SAST
+gosec-sast:
+ rules: *workflow_rules
+
+# Dependency Scanning
+gemnasium-dependency_scanning:
+ rules: *workflow_rules
+
+bundler-audit-dependency_scanning:
+ rules: *workflow_rules
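Review bot: With the two added `include` lines the scanner jobs' `allow_failure` policy is no longer set anywhere in this file — the removed hand-written `sast` and `dependency_scanning` jobs pinned it to `true`, and as far as I recall the stock `Security/SAST` and `Security/Dependency-Scanning` templates also default their jobs to `allow_failure: true`, so analyzer findings or crashes will not block the pipeline unless overridden. If these scans are meant to gate merges, add `allow_failure: false` to the job overrides at the bottom of the file; if accepting the template defaults is deliberate, a one-line comment next to the includes would save the next reader a lookup, e.g. `# Scanner jobs come from the templates; allow_failure and analyzer image versions follow the template defaults.` The removal of the `/var/run/docker.sock` mounts in the old jobs is a clear improvement and needs no further action.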
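Review bot: Setting `rules:` on `gosec-sast`, `gemnasium-dependency_scanning` and `bundler-audit-dependency_scanning` replaces each template job's own `rules` array wholesale (GitLab overrides top-level job keys, it does not merge array entries), so any `exists:` file checks and the `SAST_DISABLED`/`DEPENDENCY_SCANNING_DISABLED` guards that the 13.x templates ship with, to my recollection, no longer apply to these three jobs; `bundler-audit-dependency_scanning` in particular will now be created on every pipeline matching `*workflow_rules`, with or without a `Gemfile.lock`. Whether that is intended cannot be judged from the hunk, since the `&workflow_rules` anchor is defined outside it. If it is intended, say so above the new jobs, e.g. `# Overrides the template rules (drops their exists:/*_DISABLED gating) so the scanners run under the same workflow rules as every other job.`; if not, spell the rules out inline with a `- if: $SAST_DISABLED` / `when: never` entry (and the dependency-scanning equivalent) ahead of the workflow conditions, since a YAML alias cannot be extended with extra entries.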
\ No newline at end of file |