Add latest changes from gitlab-org/gitlab@master
This commit is contained in:
parent
f6b349ed51
commit
cbb3bdad06
|
@ -6,7 +6,7 @@
|
|||
|
||||
variables:
|
||||
FUZZAPI_PROFILE: Quick
|
||||
FUZZAPI_VERSION: latest
|
||||
FUZZAPI_VERSION: "1"
|
||||
FUZZAPI_CONFIG: .gitlab-api-fuzzing.yml
|
||||
FUZZAPI_TIMEOUT: 30
|
||||
FUZZAPI_REPORT: gl-api-fuzzing-report.json
|
||||
|
@ -16,7 +16,8 @@ variables:
|
|||
# available (non 500 response to HTTP(s))
|
||||
FUZZAPI_SERVICE_START_TIMEOUT: "300"
|
||||
#
|
||||
FUZZAPI_IMAGE: registry.gitlab.com/gitlab-org/security-products/analyzers/api-fuzzing:${FUZZAPI_VERSION}-engine
|
||||
SECURE_ANALYZERS_PREFIX: "registry.gitlab.com/gitlab-org/security-products/analyzers"
|
||||
FUZZAPI_IMAGE: ${SECURE_ANALYZERS_PREFIX}/api-fuzzing:${FUZZAPI_VERSION}
|
||||
#
|
||||
|
||||
apifuzzer_fuzz_unlicensed:
|
||||
|
@ -32,9 +33,7 @@ apifuzzer_fuzz_unlicensed:
|
|||
|
||||
apifuzzer_fuzz:
|
||||
stage: fuzz
|
||||
image:
|
||||
name: $FUZZAPI_IMAGE
|
||||
entrypoint: ["/bin/bash", "-l", "-c"]
|
||||
image: $FUZZAPI_IMAGE
|
||||
variables:
|
||||
FUZZAPI_PROJECT: $CI_PROJECT_PATH
|
||||
FUZZAPI_API: http://localhost:80
|
||||
|
|
|
@ -23,17 +23,7 @@ variables:
|
|||
# (SAST, Dependency Scanning, ...)
|
||||
SECURE_ANALYZERS_PREFIX: "registry.gitlab.com/gitlab-org/security-products/analyzers"
|
||||
#
|
||||
DAST_API_PROFILE: Full
|
||||
DAST_API_VERSION: latest
|
||||
DAST_API_CONFIG: .gitlab-dast-api.yml
|
||||
DAST_API_TIMEOUT: 30
|
||||
DAST_API_REPORT: gl-dast-api-report.json
|
||||
DAST_API_REPORT_ASSET_PATH: assets
|
||||
#
|
||||
# Wait up to 5 minutes for API Security and target url to become
|
||||
# available (non 500 response to HTTP(s))
|
||||
DAST_API_SERVICE_START_TIMEOUT: "300"
|
||||
#
|
||||
DAST_API_VERSION: "1"
|
||||
DAST_API_IMAGE: registry.gitlab.com/gitlab-org/security-products/analyzers/api-fuzzing:${DAST_API_VERSION}-engine
|
||||
|
||||
dast:
|
||||
|
@ -76,16 +66,7 @@ dast:
|
|||
|
||||
dast_api:
|
||||
stage: dast
|
||||
image:
|
||||
name: $DAST_API_IMAGE
|
||||
entrypoint: ["/bin/bash", "-l", "-c"]
|
||||
variables:
|
||||
API_SECURITY_MODE: DAST
|
||||
DAST_API_NEW_REPORT: 1
|
||||
DAST_API_PROJECT: $CI_PROJECT_PATH
|
||||
DAST_API_API: http://127.0.0.1:5000
|
||||
DAST_API_LOG_SCANNER: gl-dast-api-scanner.log
|
||||
TZ: America/Los_Angeles
|
||||
image: $DAST_API_IMAGE
|
||||
allow_failure: true
|
||||
rules:
|
||||
- if: $DAST_API_BETA == null
|
||||
|
@ -110,33 +91,12 @@ dast_api:
|
|||
- if: $CI_COMMIT_BRANCH &&
|
||||
$GITLAB_FEATURES =~ /\bdast\b/
|
||||
script:
|
||||
#
|
||||
# Run user provided pre-script
|
||||
- sh -c "$DAST_API_PRE_SCRIPT"
|
||||
#
|
||||
# Make sure asset path exists
|
||||
- mkdir -p $DAST_API_REPORT_ASSET_PATH
|
||||
#
|
||||
# Start API Security background process
|
||||
- dotnet /peach/Peach.Web.dll &> $DAST_API_LOG_SCANNER &
|
||||
- APISEC_PID=$!
|
||||
#
|
||||
# Start scanning
|
||||
- worker-entry
|
||||
#
|
||||
# Run user provided post-script
|
||||
- sh -c "$DAST_API_POST_SCRIPT"
|
||||
#
|
||||
# Shutdown API Security
|
||||
- kill $APISEC_PID
|
||||
- wait $APISEC_PID
|
||||
#
|
||||
- /peach/analyzer-dast-api
|
||||
artifacts:
|
||||
when: always
|
||||
paths:
|
||||
- $DAST_API_REPORT_ASSET_PATH
|
||||
- $DAST_API_REPORT
|
||||
- $DAST_API_LOG_SCANNER
|
||||
- gl-assets
|
||||
- gl-dast-api-report.json
|
||||
- gl-*.log
|
||||
reports:
|
||||
dast: $DAST_API_REPORT
|
||||
dast: gl-dast-api-report.json
|
||||
|
|
|
@ -661,7 +661,7 @@ RSpec.shared_examples 'workhorse package file upload endpoint' do
|
|||
end
|
||||
|
||||
RSpec.shared_examples 'creates build_info when there is a job' do
|
||||
context 'with job token' do
|
||||
context 'with job token', quarantine: 'https://gitlab.com/gitlab-org/gitlab/-/issues/294047' do
|
||||
let(:jwt) { build_jwt_from_job(job) }
|
||||
|
||||
it 'creates a build_info record' do
|
||||
|
|
Loading…
Reference in New Issue