gitlab-org--gitlab-foss/.gitlab/ci/reports.gitlab-ci.yml

include:
  - template: Code-Quality.gitlab-ci.yml
  - template: Security/SAST.gitlab-ci.yml
  - template: Security/Dependency-Scanning.gitlab-ci.yml
  - template: Security/DAST.gitlab-ci.yml

.reports:
  extends:
    - .default-retry
    - .except-docs

code_quality:
  extends: .reports

sast:
  extends: .reports
  variables:
    SAST_BRAKEMAN_LEVEL: 2
    SAST_EXCLUDED_PATHS: qa,spec,doc
  artifacts:
    expire_in: 7 days
    paths:
      - gl-sast-report.json

dependency_scanning:
  extends: .reports

dast:
  extends:
    - .reports
    - .review-only
  stage: qa
  dependencies: ["review-deploy"]
  before_script:
    - export DAST_WEBSITE="$(cat review_app_url.txt)"
  artifacts:
    expire_in: 7 days
    paths:
      - gl-dast-report.json
Refactor .gitlab-ci.yml 2019-04-12 08:56:38 +00:00			`include:`
Include CodeQuality with template syntax 2019-04-17 09:20:18 +00:00			`- template: Code-Quality.gitlab-ci.yml`
Fix reports jobs timing out because of cache Note: This commit relies on https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/26801 which brings support to multiple extends. While `cache: {}` can disable a cache being set globally, it doesn't work with extends, which will perform a reverse deep merge based on the keys. The cache defined in the base `.default-cache` job won't be disabled in the report jobs. As a side effect, the `code_quality`, `sast`, and `dependency_scanning` jobs are running on a larger code base than expected, leading to timeouts. fixes https://gitlab.com/gitlab-org/gitlab-ee/issues/11303 fixes https://gitlab.com/gitlab-org/gitlab-ce/issues/60879 fixes https://gitlab.com/gitlab-org/gitlab-ee/issues/12021 2019-06-25 08:57:33 +00:00			`- template: Security/SAST.gitlab-ci.yml`
			`- template: Security/Dependency-Scanning.gitlab-ci.yml`
Enable DAST 2019-08-20 17:04:23 +00:00			`- template: Security/DAST.gitlab-ci.yml`
Refactor .gitlab-ci.yml 2019-04-12 08:56:38 +00:00
Reduce complexity of CI files Signed-off-by: Rémy Coutable <remy@rymai.me> 2019-08-26 20:41:55 +00:00			`.reports:`
			`extends:`
			`- .default-retry`
			`- .except-docs`

Refactor .gitlab-ci.yml 2019-04-12 08:56:38 +00:00			`code_quality:`
Reduce complexity of CI files Signed-off-by: Rémy Coutable <remy@rymai.me> 2019-08-26 20:41:55 +00:00			`extends: .reports`
Refactor .gitlab-ci.yml 2019-04-12 08:56:38 +00:00
			`sast:`
Reduce complexity of CI files Signed-off-by: Rémy Coutable <remy@rymai.me> 2019-08-26 20:41:55 +00:00			`extends: .reports`
Refactor .gitlab-ci.yml 2019-04-12 08:56:38 +00:00			`variables:`
Clean up CI reports Also, `SAST_CONFIDENCE_LEVEL` has been renamed in https://gitlab.com/gitlab-org/security-products/sast/merge_requests/72 2019-07-11 20:31:18 +00:00			`SAST_BRAKEMAN_LEVEL: 2`
Dont run SAST on tests 2019-08-26 09:14:15 +00:00			`SAST_EXCLUDED_PATHS: qa,spec,doc`
Make sast & dast artifacts browseable 2019-08-26 15:21:35 +00:00			`artifacts:`
			`expire_in: 7 days`
			`paths:`
			`- gl-sast-report.json`
Refactor .gitlab-ci.yml 2019-04-12 08:56:38 +00:00
			`dependency_scanning:`
Reduce complexity of CI files Signed-off-by: Rémy Coutable <remy@rymai.me> 2019-08-26 20:41:55 +00:00			`extends: .reports`
Enable DAST 2019-08-20 17:04:23 +00:00
			`dast:`
Set dast job to extend .review-only 2019-08-28 16:11:32 +00:00			`extends:`
			`- .reports`
			`- .review-only`
Enable DAST 2019-08-20 17:04:23 +00:00			`stage: qa`
Reduce complexity of CI files Signed-off-by: Rémy Coutable <remy@rymai.me> 2019-08-26 20:41:55 +00:00			`dependencies: ["review-deploy"]`
Enable DAST 2019-08-20 17:04:23 +00:00			`before_script:`
			`- export DAST_WEBSITE="$(cat review_app_url.txt)"`
Make sast & dast artifacts browseable 2019-08-26 15:21:35 +00:00			`artifacts:`
			`expire_in: 7 days`
			`paths:`
			`- gl-dast-report.json`