Minimize API Fuzzing CI template
Problem
The API Fuzzing template defined jobs are hard for users to customize and contain too much logic.
Proposal
Minimize the jobs as much as possible by moving defaults into the script
section and the script
section into a shell script that ships with the container. Also remove the deprecated and not documented docker-in-docker support.
-
Use SECURE_ANALYZERS_PREFIX
inFUZZAPI_IMAGE
. This allows users of offline GitLab instances to quickly change where all security analyzers pull container images. -
Use new analyzer container image name (removed -engine
suffix) -
Remove unlicensed job. Instead check in the script. -
Remove the apifuzzer_fuzz_dnd
job. Docker-in-docker is depricated. -
Remove entrypoint
setting forimage
. Update dockerfile to use this entrypoint by default. -
Move defaults into script. Instead of using a global variables definition and also a job variables
section, move all defaults into the script. -
Pin version of template to major version 1
-
Deprecate the following variables: - FUZZAPI_REPORT_ASSET_PATH
- FUZZAPI_REPORT
- FUZZAPI_LOG_SCANNER
- FUZZAPI_API
- FUZZAPI_NEW_REPORT
- FUZZAPI_D_*
Edited by Michael Eddington