Commit c5ea6054 authored by Olivier Gonzalez's avatar Olivier Gonzalez Committed by Sean McGivern

Setup security products.

parent 0234f1bf
---
version: "2"
plugins:
csslint:
enabled: true
coffeelint:
enabled: true
duplication:
enabled: true
config:
languages:
- ruby
- javascript
- python
- php
eslint:
enabled: true
fixme:
enabled: true
rubocop:
enabled: true
exclude_patterns:
- node_modules/
- spec/
- source/javascripts/libs/
......@@ -18,7 +18,9 @@ cache:
stages:
- prepare
- build
- test
- deploy
- dast
lint:
stage: build
......@@ -109,6 +111,75 @@ build_master:
only:
- master
codequality:
image: docker:stable
allow_failure: true
before_script: []
cache: {}
dependencies: []
tags: []
services:
- docker:stable-dind
variables:
DOCKER_DRIVER: overlay2
script:
- export SP_VERSION=$(echo "$CI_SERVER_VERSION" | sed 's/^\([0-9]*\)\.\([0-9]*\).*/\1-\2-stable/')
- docker run
--env SOURCE_CODE="$PWD"
--volume "$PWD":/code
--volume /var/run/docker.sock:/var/run/docker.sock
"registry.gitlab.com/gitlab-org/security-products/codequality:$SP_VERSION" /code
artifacts:
paths:
- codeclimate.json
dependency_scanning:
image: docker:stable
allow_failure: true
before_script: []
cache: {}
dependencies: []
tags: []
services:
- docker:stable-dind
variables:
DOCKER_DRIVER: overlay2
script:
- export SP_VERSION=$(echo "$CI_SERVER_VERSION" | sed 's/^\([0-9]*\)\.\([0-9]*\).*/\1-\2-stable/')
- docker run
--env DEP_SCAN_DISABLE_REMOTE_CHECKS="${DEP_SCAN_DISABLE_REMOTE_CHECKS:-false}"
--volume "$PWD:/code"
--volume /var/run/docker.sock:/var/run/docker.sock
"registry.gitlab.com/gitlab-org/security-products/dependency-scanning:$SP_VERSION" /code
artifacts:
paths:
- gl-dependency-scanning-report.json
dast:
stage: dast
only:
- [email protected]/www-gitlab-com
except:
- [email protected]/www-gitlab-com
image: registry.gitlab.com/gitlab-org/security-products/zaproxy
allow_failure: true
before_script: []
cache: {}
dependencies: []
tags: []
services: []
variables:
DOCKER_DRIVER: overlay2
DAST_WEB_SITE: http://$CI_COMMIT_REF_SLUG.about.gitlab.com
script:
- if [ -z $DAST_WEB_SITE ]; then echo "Please configure DAST_WEB_SITE env variable" && exit 1; fi
- mkdir /zap/wrk/
- /zap/zap-baseline.py -J gl-dast-report.json -t $DAST_WEB_SITE || true
- cp /zap/wrk/gl-dast-report.json .
artifacts:
paths:
- gl-dast-report.json
review:
stage: deploy
allow_failure: true
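Review bot: The codequality and dependency_scanning jobs hand `/var/run/docker.sock` to an image selected by the mutable tag `$SP_VERSION` (an `X-Y-stable` name), and the dast job pulls `zaproxy` with no tag at all, so whatever those references resolve to at run time executes with control of the job's Docker daemon. Pinning each image by digest would make the scanner that runs reviewable, e.g. `image: registry.gitlab.com/gitlab-org/security-products/zaproxy@sha256:<digest>` (placeholder digest). In the dast script, `|| true` together with `allow_failure: true` makes a scan that never ran look much like a clean one; zap-baseline presumably exits non-zero on findings, so a comment such as `# zap-baseline exits non-zero on warnings/failures; the report is still written` would record why the exit code is discarded. `$DAST_WEB_SITE` is also unquoted in both the emptiness test and the `-t` argument; `if [ -z "$DAST_WEB_SITE" ]; then` and `-t "$DAST_WEB_SITE"` are the safer forms.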
......