-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy path.gitlab-ci.yml
More file actions
28 lines (28 loc) · 1.39 KB
/
Copy path.gitlab-ci.yml
File metadata and controls
28 lines (28 loc) · 1.39 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
# You can override the included template(s) by including variable overrides
# SAST customization: https://docs.gitlab.com/ee/user/application_security/sast/#customizing-the-sast-settings
# Secret Detection customization: https://docs.gitlab.com/ee/user/application_security/secret_detection/#customizing-settings
# Dependency Scanning customization: https://docs.gitlab.com/ee/user/application_security/dependency_scanning/#customizing-the-dependency-scanning-settings
# Container Scanning customization: https://docs.gitlab.com/ee/user/application_security/container_scanning/#customizing-the-container-scanning-settings
# Note that environment variables can be set in several places
# See https://docs.gitlab.com/ee/ci/variables/#cicd-variable-precedence
stages:
- test
- secret-scan
sast:
stage: test
include:
- template: Security/SAST.gitlab-ci.yml
- template: Security/Secret-Detection.gitlab-ci.yml
secret_detection:
stage: secret-scan
extends: .secret-analyzer
variables:
GIT_SSL_NO_VERIFY: "1" # temporary untll updated runner configs with cert
GIT_DEPTH: 100
SECRET_DETECTION_LOG_OPTIONS: ${CI_MERGE_REQUEST_DIFF_BASE_SHA}..${CI_COMMIT_SHA}
script:
- apk add jq
- /analyzer run
- NUMBER_OF_VULNERABILITIES=$(cat gl-secret-detection-report.json | jq --raw-output '.vulnerabilities | length')
- if [[ $NUMBER_OF_VULNERABILITIES -gt 0 ]]; then exit "1"; fi
allow_failure: false