Update Security Products examples documentation
This commit is contained in:
parent 59a158955e
commit a086945275
3 changed files with 30 additions and 6 deletions
|
@ -9,11 +9,12 @@ Once you set up the Runner, add a new job to `.gitlab-ci.yml`, called `codequali
|
||||||
|
|
||||||
```yaml
|
```yaml
|
||||||
codequality:
|
codequality:
|
||||||
image: docker:latest
|
image: docker:stable
|
||||||
variables:
|
variables:
|
||||||
DOCKER_DRIVER: overlay
|
DOCKER_DRIVER: overlay2
|
||||||
|
allow_failure: true
|
||||||
services:
|
services:
|
||||||
- docker:dind
|
- docker:stable-dind
|
||||||
script:
|
script:
|
||||||
- export SP_VERSION=$(echo "$CI_SERVER_VERSION" | sed 's/^\([0-9]*\)\.\([0-9]*\).*/\1-\2-stable/')
|
- export SP_VERSION=$(echo "$CI_SERVER_VERSION" | sed 's/^\([0-9]*\)\.\([0-9]*\).*/\1-\2-stable/')
|
||||||
- docker run --env SOURCE_CODE="$PWD" --volume "$PWD":/code --volume /var/run/docker.sock:/var/run/docker.sock "registry.gitlab.com/gitlab-org/security-products/codequality:$SP_VERSION" /code
|
- docker run --env SOURCE_CODE="$PWD" --volume "$PWD":/code --volume /var/run/docker.sock:/var/run/docker.sock "registry.gitlab.com/gitlab-org/security-products/codequality:$SP_VERSION" /code
|
||||||
|
|
|
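Review bot: the script line `--volume /var/run/docker.sock:/var/run/docker.sock` hands the codequality container full control of the runner's Docker daemon, so the sentence introducing this job should say that the runner must be configured to expose the socket and that the image `registry.gitlab.com/gitlab-org/security-products/codequality:$SP_VERSION` is therefore trusted with the host. Moving `docker:latest` to `docker:stable` and `docker:dind` to `docker:stable-dind` helps, but `stable` is still a floating tag; a fixed version tag would make the example reproducible. The newly added `allow_failure: true` means a failed scan no longer blocks the pipeline, which the surrounding text should state so readers know the result is advisory unless they remove it.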
@ -11,7 +11,7 @@ called `sast:container`:
|
||||||
|
|
||||||
```yaml
|
```yaml
|
||||||
sast:container:
|
sast:container:
|
||||||
image: docker:latest
|
image: docker:stable
|
||||||
variables:
|
variables:
|
||||||
DOCKER_DRIVER: overlay2
|
DOCKER_DRIVER: overlay2
|
||||||
## Define two new variables based on GitLab's CI/CD predefined variables
|
## Define two new variables based on GitLab's CI/CD predefined variables
|
||||||
|
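Review bot: only the `image:` line changes here, from `docker:latest` to `docker:stable`, and the matching `docker:stable-dind` service change follows in the next hunk, so the two stay consistent. Minor style point: the comment `## Define two new variables based on GitLab's CI/CD predefined variables` uses a doubled `#`; YAML treats it as an ordinary comment, but a single `#` matches the usual convention and avoids looking like a heading.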
@ -20,7 +20,7 @@ sast:container:
|
||||||
CI_APPLICATION_TAG: $CI_COMMIT_SHA
|
CI_APPLICATION_TAG: $CI_COMMIT_SHA
|
||||||
allow_failure: true
|
allow_failure: true
|
||||||
services:
|
services:
|
||||||
- docker:dind
|
- docker:stable-dind
|
||||||
script:
|
script:
|
||||||
- docker run -d --name db arminc/clair-db:latest
|
- docker run -d --name db arminc/clair-db:latest
|
||||||
- docker run -p 6060:6060 --link db:postgres -d --name clair arminc/clair-local-scan:v2.0.1
|
- docker run -p 6060:6060 --link db:postgres -d --name clair arminc/clair-local-scan:v2.0.1
|
||||||
|
|
|
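Review bot: `arminc/clair-db:latest` stays unpinned while the service moves to `docker:stable-dind` and the scanner is already pinned to `arminc/clair-local-scan:v2.0.1`. The contents of that database image decide which vulnerabilities the scan reports, so either pin `clair-db` as well or note in the text that results change whenever the `latest` image is rebuilt. Also, `-p 6060:6060` publishes the Clair API port on the Docker-in-Docker host even though the scanner only needs to reach the `clair` container by name; the example could drop the publish to keep the job surface minimal.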
@ -14,9 +14,10 @@ called `dast`:
|
||||||
|
|
||||||
```yaml
|
```yaml
|
||||||
dast:
|
dast:
|
||||||
image: owasp/zap2docker-stable
|
image: registry.gitlab.com/gitlab-org/security-products/zaproxy
|
||||||
variables:
|
variables:
|
||||||
website: "https://example.com"
|
website: "https://example.com"
|
||||||
|
allow_failure: true
|
||||||
script:
|
script:
|
||||||
- mkdir /zap/wrk/
|
- mkdir /zap/wrk/
|
||||||
- /zap/zap-baseline.py -J gl-dast-report.json -t $website || true
|
- /zap/zap-baseline.py -J gl-dast-report.json -t $website || true
|
||||||
|
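Review bot: `allow_failure: true` is added, but the script line `- /zap/zap-baseline.py -J gl-dast-report.json -t $website || true` already swallows the scanner's exit code, so the job cannot fail on findings even without it; keep one mechanism, or explain in the text which one governs. Within the visible lines the baseline scan writes `gl-dast-report.json` under `/zap/wrk/`, yet this job has no `cp` back to the project directory and no `artifacts:` section, so the report artifact the prose promises is never collected; the authenticated example added later in this commit does both, and this block should match it. Quoting `"$website"` would also avoid word splitting if the URL carries a query string.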
@ -30,6 +31,28 @@ the tests on the URL defined in the `website` variable (change it to use your
|
||||||
own) and finally write the results in the `gl-dast-report.json` file. You can
|
own) and finally write the results in the `gl-dast-report.json` file. You can
|
||||||
then download and analyze the report artifact in JSON format.
|
then download and analyze the report artifact in JSON format.
|
||||||
|
|
||||||
|
It's also possible to authenticate the user before performing DAST checks:
|
||||||
|
|
||||||
|
```yaml
|
||||||
|
dast:
|
||||||
|
image: registry.gitlab.com/gitlab-org/security-products/zaproxy
|
||||||
|
variables:
|
||||||
|
website: "https://example.com"
|
||||||
|
login_url: "https://example.com/sign-in"
|
||||||
|
allow_failure: true
|
||||||
|
script:
|
||||||
|
- mkdir /zap/wrk/
|
||||||
|
- /zap/zap-baseline.py -J gl-dast-report.json -t $website \
|
||||||
|
--auth-url $login_url \
|
||||||
|
--auth-username "john.doe@example.com" \
|
||||||
|
--auth-password "john-doe-password" || true
|
||||||
|
- cp /zap/wrk/gl-dast-report.json .
|
||||||
|
artifacts:
|
||||||
|
paths: [gl-dast-report.json]
|
||||||
|
```
|
||||||
|
See [zaproxy documentation](https://gitlab.com/gitlab-org/security-products/zaproxy)
|
||||||
|
to learn more about authentication settings.
|
||||||
|
|
||||||
TIP: **Tip:**
|
TIP: **Tip:**
|
||||||
Starting with [GitLab Ultimate][ee] 10.4, this information will
|
Starting with [GitLab Ultimate][ee] 10.4, this information will
|
||||||
be automatically extracted and shown right in the merge request widget. To do
|
be automatically extracted and shown right in the merge request widget. To do
|
||||||
|
|
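Review bot: `--auth-username "john.doe@example.com"` and `--auth-password "john-doe-password"` place the login credentials in `.gitlab-ci.yml`, and the expanded command line will also appear in the job log. Even as placeholders, the example should read them from CI/CD variables (for instance `$DAST_USERNAME` and `$DAST_PASSWORD`, names chosen here for illustration) marked protected and masked in the project settings, and the sentence "It's also possible to authenticate the user before performing DAST checks" should say so. The `cp /zap/wrk/gl-dast-report.json .` step plus `artifacts: paths: [gl-dast-report.json]` is the right way to expose the report; the earlier unauthenticated example in this commit lacks both. As in the first `dast` hunk, `|| true` and `allow_failure: true` overlap, and `"$website"` / `"$login_url"` should be quoted.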