Propagate ENV vars to SAST and Dependency Scanning Docker containers only if they are set
This commit is contained in:
parent
105915527d
commit
aaceabdd05
|
@ -20,16 +20,26 @@ dependency_scanning:
|
||||||
export DOCKER_HOST='tcp://localhost:2375'
|
export DOCKER_HOST='tcp://localhost:2375'
|
||||||
fi
|
fi
|
||||||
fi
|
fi
|
||||||
|
- | # this is required to avoid undesirable reset of Docker image ENV variables being set on build stage
|
||||||
|
function propagate_env_vars() {
|
||||||
|
CURRENT_ENV=$(printenv)
|
||||||
|
|
||||||
|
for VAR_NAME; do
|
||||||
|
echo $CURRENT_ENV | grep "${VAR_NAME}=" > /dev/null && echo "--env $VAR_NAME "
|
||||||
|
done
|
||||||
|
}
|
||||||
- |
|
- |
|
||||||
docker run \
|
docker run \
|
||||||
--env DS_ANALYZER_IMAGES \
|
$(propagate_env_vars \
|
||||||
--env DS_ANALYZER_IMAGE_PREFIX \
|
DS_ANALYZER_IMAGES \
|
||||||
--env DS_ANALYZER_IMAGE_TAG \
|
DS_ANALYZER_IMAGE_PREFIX \
|
||||||
--env DS_DEFAULT_ANALYZERS \
|
DS_ANALYZER_IMAGE_TAG \
|
||||||
--env DEP_SCAN_DISABLE_REMOTE_CHECKS \
|
DS_DEFAULT_ANALYZERS \
|
||||||
--env DS_DOCKER_CLIENT_NEGOTIATION_TIMEOUT \
|
DEP_SCAN_DISABLE_REMOTE_CHECKS \
|
||||||
--env DS_PULL_ANALYZER_IMAGE_TIMEOUT \
|
DS_DOCKER_CLIENT_NEGOTIATION_TIMEOUT \
|
||||||
--env DS_RUN_ANALYZER_TIMEOUT \
|
DS_PULL_ANALYZER_IMAGE_TIMEOUT \
|
||||||
|
DS_RUN_ANALYZER_TIMEOUT \
|
||||||
|
) \
|
||||||
--volume "$PWD:/code" \
|
--volume "$PWD:/code" \
|
||||||
--volume /var/run/docker.sock:/var/run/docker.sock \
|
--volume /var/run/docker.sock:/var/run/docker.sock \
|
||||||
"registry.gitlab.com/gitlab-org/security-products/dependency-scanning:$DS_VERSION" /code
|
"registry.gitlab.com/gitlab-org/security-products/dependency-scanning:$DS_VERSION" /code
|
||||||
|
|
|
@ -20,18 +20,28 @@ sast:
|
||||||
export DOCKER_HOST='tcp://localhost:2375'
|
export DOCKER_HOST='tcp://localhost:2375'
|
||||||
fi
|
fi
|
||||||
fi
|
fi
|
||||||
|
- | # this is required to avoid undesirable reset of Docker image ENV variables being set on build stage
|
||||||
|
function propagate_env_vars() {
|
||||||
|
CURRENT_ENV=$(printenv)
|
||||||
|
|
||||||
|
for VAR_NAME; do
|
||||||
|
echo $CURRENT_ENV | grep "${VAR_NAME}=" > /dev/null && echo "--env $VAR_NAME "
|
||||||
|
done
|
||||||
|
}
|
||||||
- |
|
- |
|
||||||
docker run \
|
docker run \
|
||||||
--env SAST_ANALYZER_IMAGES \
|
$(propagate_env_vars \
|
||||||
--env SAST_ANALYZER_IMAGE_PREFIX \
|
SAST_ANALYZER_IMAGES \
|
||||||
--env SAST_ANALYZER_IMAGE_TAG \
|
SAST_ANALYZER_IMAGE_PREFIX \
|
||||||
--env SAST_DEFAULT_ANALYZERS \
|
SAST_ANALYZER_IMAGE_TAG \
|
||||||
--env SAST_BRAKEMAN_LEVEL \
|
SAST_DEFAULT_ANALYZERS \
|
||||||
--env SAST_GOSEC_LEVEL \
|
SAST_BRAKEMAN_LEVEL \
|
||||||
--env SAST_FLAWFINDER_LEVEL \
|
SAST_GOSEC_LEVEL \
|
||||||
--env SAST_DOCKER_CLIENT_NEGOTIATION_TIMEOUT \
|
SAST_FLAWFINDER_LEVEL \
|
||||||
--env SAST_PULL_ANALYZER_IMAGE_TIMEOUT \
|
SAST_DOCKER_CLIENT_NEGOTIATION_TIMEOUT \
|
||||||
--env SAST_RUN_ANALYZER_TIMEOUT \
|
SAST_PULL_ANALYZER_IMAGE_TIMEOUT \
|
||||||
|
SAST_RUN_ANALYZER_TIMEOUT \
|
||||||
|
) \
|
||||||
--volume "$PWD:/code" \
|
--volume "$PWD:/code" \
|
||||||
--volume /var/run/docker.sock:/var/run/docker.sock \
|
--volume /var/run/docker.sock:/var/run/docker.sock \
|
||||||
"registry.gitlab.com/gitlab-org/security-products/sast:$SAST_VERSION" /app/bin/run /code
|
"registry.gitlab.com/gitlab-org/security-products/sast:$SAST_VERSION" /app/bin/run /code
|
||||||
|
|
Loading…
Reference in New Issue