.gitlab-ci.yml 3.18 KB
variables:
  REPORT_FILENAME: gl-dependency-scanning-report.json
  MAJOR: 2
  MAX_IMAGE_SIZE_BYTE: 279702148
  # if fetched by default, the gemnasium git submodule would be scanned
  # by the Secure analyzers (test stage), which would be redundant
  # with the scanning jobs in the gemnasium project's own pipeline
  GIT_SUBMODULE_STRATEGY: none

# The gemnasium git submodule must be fetched to build, test, check and lint
# the Go project, so this hidden job sets GIT_SUBMODULE_STRATEGY to `normal`
# in place of the file-level value `none`.
.go:
  variables:
    GIT_SUBMODULE_STRATEGY: normal

# Variable override for the gosec-sast job: fetch the git submodule here too.
# NOTE(review): the job body is not defined in this file; presumably gosec
# needs the submodule sources to resolve the Go packages - confirm.
gosec-sast:
  variables:
    GIT_SUBMODULE_STRATEGY: normal

# Variable override for the "build tmp image" job: the submodule is fetched
# (strategy `normal`) instead of being skipped as the file-level `none` would.
# NOTE(review): the job body is not defined in this file - confirm where the
# image build is declared.
build tmp image:
  variables:
    GIT_SUBMODULE_STRATEGY: normal

# Shared analyzer pipeline definition, pulled in by URL from the ci-templates
# project.
# NOTE(review): the URL tracks the mutable `master` ref, so a change to the
# template takes effect in this pipeline without any change or review in this
# repository. Pinning to a commit SHA or tag (for example with
# `include:project` + `ref` + `file`) would make the pipeline definition
# reproducible and auditable.
include:
  - remote: 'https://gitlab.com/gitlab-org/security-products/ci-templates/raw/master/includes-dev/analyzer.yml'

# Variable overrides for the test-custom-ca-bundle job. The job body is not
# defined in this file; presumably it comes from the included analyzer.yml
# template - confirm there what each *_CMD flag selects.
test-custom-ca-bundle:
  variables:
    # Only RUN_CMD is set to 1; the other three command flags are set to 0.
    RUN_CMD: 1
    SEARCH_CMD: 0
    ANALYZE_CMD: 0
    CONVERT_CMD: 0

# Hidden base job extended by the *-qa jobs in this file.
# `.qa-downstream-ds` is not defined here; presumably it comes from the
# included analyzer.yml template - confirm.
.functional:
  extends: .qa-downstream-ds
  variables:
    DS_DEFAULT_ANALYZERS: "gemnasium-python"
    # The image reference is tagged with the commit SHA rather than a moving
    # tag, so it names the image belonging to exactly this commit (presumably
    # the one pushed by the "build tmp image" job - confirm).
    DS_ANALYZER_IMAGE: "$CI_REGISTRY_IMAGE/tmp:$CI_COMMIT_SHA"

python-pipenv-qa:
  extends: .functional
  variables:
    MAX_SCAN_DURATION_SECONDS: 19
    DS_REPORT_URL: "$CI_PROJECT_URL/raw/$CI_COMMIT_REF_NAME/qa/expect/python-pipenv/$REPORT_FILENAME"
  trigger:
    project: gitlab-org/security-products/tests/python-pipenv

# Downstream QA pipeline triggered on the offline-FREEZE branch of the
# python-pipenv test project, extending the .functional base job.
# NOTE(review): `branch` is a mutable ref; the -FREEZE suffix looks like a
# naming convention rather than an enforced pin - confirm the branch is
# protected in the test project.
python-pipenv-offline-qa:
  extends: .functional
  variables:
    # presumably an upper bound on scan time checked downstream - confirm
    MAX_SCAN_DURATION_SECONDS: 19
    # Expected report, read from this project at the ref being built (same
    # qa/expect/python-pipenv path as python-pipenv-qa). Because it comes from
    # the branch under test, a change to the expectation file deserves the
    # same review attention as a change to the analyzer.
    DS_REPORT_URL: "$CI_PROJECT_URL/raw/$CI_COMMIT_REF_NAME/qa/expect/python-pipenv/$REPORT_FILENAME"
  trigger:
    project: gitlab-org/security-products/tests/python-pipenv
    branch: offline-FREEZE

# Downstream QA pipeline triggered on the require-system-python-FREEZE branch
# of the python-pipenv test project, extending the .functional base job.
# NOTE(review): `branch` is a mutable ref - confirm it is protected in the
# test project so the fixture cannot drift unnoticed.
python-pipenv-use-system-python-qa:
  extends: .functional
  variables:
    # presumably an upper bound on scan time checked downstream - confirm
    MAX_SCAN_DURATION_SECONDS: 19
    # Expected report, read from this project at the ref being built; the path
    # is the same qa/expect/python-pipenv one used by python-pipenv-qa.
    DS_REPORT_URL: "$CI_PROJECT_URL/raw/$CI_COMMIT_REF_NAME/qa/expect/python-pipenv/$REPORT_FILENAME"
  trigger:
    project: gitlab-org/security-products/tests/python-pipenv
    branch: require-system-python-FREEZE

python-pipfile-lock-qa:
  extends: .functional
  variables:
    MAX_SCAN_DURATION_SECONDS: 19
    DS_REPORT_URL: "$CI_PROJECT_URL/raw/$CI_COMMIT_REF_NAME/qa/expect/python-pipenv/pipfile-lock/$REPORT_FILENAME"
  trigger:
    project: gitlab-org/security-products/tests/python-pipenv
    branch: pipfile-lock-FREEZE

python-pip-qa:
  extends: .functional
  variables:
    MAX_SCAN_DURATION_SECONDS: 11
    DS_REPORT_URL: "$CI_PROJECT_URL/raw/$CI_COMMIT_REF_NAME/qa/expect/python-pip/$REPORT_FILENAME"
  trigger:
    project: gitlab-org/security-products/tests/python-pip

# Downstream QA pipeline triggered on the
# user-supplied-requirements-file-FR33Z3 branch of the python-pip test
# project, extending the .functional base job.
# NOTE(review): `branch` is a mutable ref - confirm it is protected in the
# test project so the fixture cannot drift unnoticed.
python-pip-requirements-file-var-qa:
  extends: .functional
  variables:
    # presumably an upper bound on scan time checked downstream - confirm
    MAX_SCAN_DURATION_SECONDS: 11
    # Expected report, read from this project at the ref being built, under
    # qa/expect/python-pip-requirements-file.
    DS_REPORT_URL: "$CI_PROJECT_URL/raw/$CI_COMMIT_REF_NAME/qa/expect/python-pip-requirements-file/$REPORT_FILENAME"
  trigger:
    project: gitlab-org/security-products/tests/python-pip
    branch: "user-supplied-requirements-file-FR33Z3"

# test DS_EXCLUDED_PATHS to ensure that the given path is ignored and results in no vulnerabilities in the
# expected report
ds-excluded-paths-qa:
  extends: .functional
  variables:
    MAX_SCAN_DURATION_SECONDS: 13
    DS_REPORT_URL: "$CI_PROJECT_URL/raw/$CI_COMMIT_REF_NAME/qa/expect/no-vulnerabilities/$REPORT_FILENAME"
    DS_EXCLUDED_PATHS: "/requirements.txt"
  trigger:
    project: gitlab-org/security-products/tests/python-pip