Add security scanning to CI pipeline (!63) · Merge requests · GitLab.org / Technical Writing Group / GitLab Docs Hugo

Sarah German requested to merge ci-security-scans into main Apr 15, 2024

What does this MR do and why?

Copies over security scanning from gitlab-docs, dropping Ruby-related scanners (Brakeman) and the deprecated nodejs scanner.

gitlab-docs version: https://gitlab.com/gitlab-org/gitlab-docs/-/blob/main/.gitlab/ci/security.gitlab-ci.yml?ref_type=heads

Pipeline output

Security report: https://gitlab.com/gitlab-org/technical-writing-group/gitlab-docs-hugo/-/pipelines/1257351018/security

Individual jobs:

gemnasium: https://gitlab.com/gitlab-org/technical-writing-group/gitlab-docs-hugo/-/jobs/6651005045
secret_detection: https://gitlab.com/gitlab-org/technical-writing-group/gitlab-docs-hugo/-/jobs/6651005051
semgrep-analyzer: https://gitlab.com/gitlab-org/technical-writing-group/gitlab-docs-hugo/-/jobs/6651005048

Merge request acceptance checklist

This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.

I have evaluated the MR acceptance checklist for this merge request.

Edited Apr 17, 2024 by Sarah German

Add security scanning to CI pipeline

What does this MR do and why?

Pipeline output

Merge request acceptance checklist

Merge request reports