Skip to content
Snippets Groups Projects
Select Git revision
  • as-if-foss/skip-to-main-content
  • as-if-foss/psi-custom-field-token-issues
  • as-if-foss/bm/update-ruby-default
  • as-if-foss/512606-create-approval-rule-user-groups-users-joins
  • as-if-foss/update-copy-button-feature-flag
  • as-if-foss/tachyons_cleanup_pat_organization_filter
  • as-if-foss/smriti-510344/add_group_setting_enforce_dpop_to_manage_endpoints
  • as-if-foss/gkatz_audit_vuln_severity_override
  • as-if-foss/tachyons_cleanup_scim_ff
  • as-if-foss/520432_Fix_ds_scanning_pattern
  • as-if-foss/kassio/work-items-user-preferences-graphql
  • as-if-foss/470818-slash-command
  • as-if-foss/fix-managed-resource-rspec-feature-category-to-cd
  • as-if-foss/psi-custom-field-feature-helpers
  • as-if-foss/aalakkad-migrate-usage-quotas-seats-to-apollo-statistics-card
  • as-if-foss/521076-shared-spec-example-clarification-from-resolve-allow-access-to-public-or-internal-projects
  • as-if-foss/519778-search-results-remove-custom-styles-from-author-dropdown
  • as-if-foss/519958-pipeline-inputs-endpoints-1
  • as-if-foss/470699-standards-adhernce-v2-api-aggregated
  • as-if-foss/474113-fix-whats-new-semantic-html
  • v17.8.3 protected
  • v17.7.5 protected
  • v17.9.0 protected
  • v17.9.0-rc42 protected
  • v17.6.5 protected
  • v17.7.4 protected
  • v17.8.2 protected
  • v17.6.4 protected
  • v17.7.3 protected
  • v17.8.1 protected
  • v17.8.0 protected
  • v17.7.2 protected
  • v17.8.0-rc42 protected
  • v17.5.5 protected
  • v17.6.3 protected
  • v17.7.1 protected
  • v17.7.0 protected
  • v17.7.0-rc42 protected
  • v17.4.6 protected
  • v17.5.4 protected
40 results

reports.gitlab-ci.yml

Code owners
Assign users and groups as approvers for specific file changes. Learn more.
reports.gitlab-ci.yml 1.75 KiB
include:
  - template: Code-Quality.gitlab-ci.yml

code_quality:
  extends: .dedicated-no-docs-no-db-pull-cache-job
  # gitlab-org runners set `privileged: false` but we need to have it set to true
  # since we're using Docker in Docker
  tags: []
  before_script: []
  cache: {}
  dependencies: []
  variables:
    SETUP_DB: "false"

sast:
  extends: .dedicated-no-docs-no-db-pull-cache-job
  image: docker:stable
  variables:
    SAST_CONFIDENCE_LEVEL: 2
    DOCKER_DRIVER: overlay2
  allow_failure: true
  tags: []
  before_script: []
  cache: {}
  dependencies: []
  services:
    - docker:stable-dind
  script:
    - export SP_VERSION=$(echo "$CI_SERVER_VERSION" | sed 's/^\([0-9]*\)\.\([0-9]*\).*/\1-\2-stable/')
    - docker run
        --env SAST_CONFIDENCE_LEVEL="${SAST_CONFIDENCE_LEVEL:-3}"
        --volume "$PWD:/code"
        --volume /var/run/docker.sock:/var/run/docker.sock
        "registry.gitlab.com/gitlab-org/security-products/sast:$SP_VERSION" /app/bin/run /code
  artifacts:
    reports:
      sast: gl-sast-report.json

dependency_scanning:
  extends: .dedicated-no-docs-no-db-pull-cache-job
  image: docker:stable
  variables:
    DOCKER_DRIVER: overlay2
  allow_failure: true
  tags: []
  before_script: []
  cache: {}
  dependencies: []
  services:
    - docker:stable-dind
  script:
    - export SP_VERSION=$(echo "$CI_SERVER_VERSION" | sed 's/^\([0-9]*\)\.\([0-9]*\).*/\1-\2-stable/')
    - docker run
        --env DEP_SCAN_DISABLE_REMOTE_CHECKS="${DEP_SCAN_DISABLE_REMOTE_CHECKS:-false}"
        --volume "$PWD:/code"
        --volume /var/run/docker.sock:/var/run/docker.sock
        "registry.gitlab.com/gitlab-org/security-products/dependency-scanning:$SP_VERSION" /code
  artifacts:
    reports:
      dependency_scanning: gl-dependency-scanning-report.json