Restore original Security/DAST.gitlab-ci.yml
Reverts https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/26520 for Security/DAST.gitlab-ci.yml.
parent
7a7c131f7b
commit
f92438b878
|
@ -78,8 +78,14 @@ include:
|
||||||
- template: Jobs/Code-Quality.gitlab-ci.yml
|
- template: Jobs/Code-Quality.gitlab-ci.yml
|
||||||
- template: Jobs/Deploy.gitlab-ci.yml
|
- template: Jobs/Deploy.gitlab-ci.yml
|
||||||
- template: Jobs/Browser-Performance-Testing.gitlab-ci.yml
|
- template: Jobs/Browser-Performance-Testing.gitlab-ci.yml
|
||||||
- template: Jobs/DAST.gitlab-ci.yml
|
- template: Security/DAST.gitlab-ci.yml
|
||||||
- template: Security/Container-Scanning.gitlab-ci.yml
|
- template: Security/Container-Scanning.gitlab-ci.yml
|
||||||
- template: Security/Dependency-Scanning.gitlab-ci.yml
|
- template: Security/Dependency-Scanning.gitlab-ci.yml
|
||||||
- template: Security/License-Management.gitlab-ci.yml
|
- template: Security/License-Management.gitlab-ci.yml
|
||||||
- template: Security/SAST.gitlab-ci.yml
|
- template: Security/SAST.gitlab-ci.yml
|
||||||
|
|
||||||
|
# Override DAST job to exclude master branch
|
||||||
|
dast:
|
||||||
|
except:
|
||||||
|
refs:
|
||||||
|
- master
|
|
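Review bot: The comment on the `dast:` override says what it does but not why master is excluded, and the reason is what a later editor needs before touching it. A line such as `# DAST scans the deployed environment; skip master so the scan is not pointed at what master deploys` would record it, if that is the reason (the page does not say). The override sets only `except: refs`, so it depends on the include merge keeping the template's `except: variables: [$DAST_DISABLED]`. That is worth confirming with a pipeline where `DAST_DISABLED` is set.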
@ -1,54 +0,0 @@
|
||||||
dast:
|
|
||||||
stage: dast
|
|
||||||
image: docker:stable
|
|
||||||
variables:
|
|
||||||
DOCKER_DRIVER: overlay2
|
|
||||||
allow_failure: true
|
|
||||||
services:
|
|
||||||
- docker:stable-dind
|
|
||||||
script:
|
|
||||||
- export DAST_WEBSITE=${DAST_WEBSITE:-$(cat environment_url.txt)}
|
|
||||||
- export DAST_VERSION=${SP_VERSION:-$(echo "$CI_SERVER_VERSION" | sed 's/^\([0-9]*\)\.\([0-9]*\).*/\1-\2-stable/')}
|
|
||||||
- |
|
|
||||||
if ! docker info &>/dev/null; then
|
|
||||||
if [ -z "$DOCKER_HOST" -a "$KUBERNETES_PORT" ]; then
|
|
||||||
export DOCKER_HOST='tcp://localhost:2375'
|
|
||||||
fi
|
|
||||||
fi
|
|
||||||
- |
|
|
||||||
function dast_run() {
|
|
||||||
docker run \
|
|
||||||
--env DAST_TARGET_AVAILABILITY_TIMEOUT \
|
|
||||||
--volume "$PWD:/output" \
|
|
||||||
--volume /var/run/docker.sock:/var/run/docker.sock \
|
|
||||||
-w /output \
|
|
||||||
"registry.gitlab.com/gitlab-org/security-products/dast:$DAST_VERSION" \
|
|
||||||
/analyze -t $DAST_WEBSITE \
|
|
||||||
"$@"
|
|
||||||
}
|
|
||||||
- |
|
|
||||||
if [ -n "$DAST_AUTH_URL" ]
|
|
||||||
then
|
|
||||||
dast_run \
|
|
||||||
--auth-url $DAST_AUTH_URL \
|
|
||||||
--auth-username $DAST_USERNAME \
|
|
||||||
--auth-password $DAST_PASSWORD \
|
|
||||||
--auth-username-field $DAST_USERNAME_FIELD \
|
|
||||||
--auth-password-field $DAST_PASSWORD_FIELD
|
|
||||||
else
|
|
||||||
dast_run
|
|
||||||
fi
|
|
||||||
artifacts:
|
|
||||||
reports:
|
|
||||||
dast: gl-dast-report.json
|
|
||||||
only:
|
|
||||||
refs:
|
|
||||||
- branches
|
|
||||||
- tags
|
|
||||||
variables:
|
|
||||||
- $GITLAB_FEATURES =~ /\bdast\b/
|
|
||||||
except:
|
|
||||||
refs:
|
|
||||||
- master
|
|
||||||
variables:
|
|
||||||
- $DAST_DISABLED
|
|
|
@ -4,12 +4,6 @@
|
||||||
# List of the variables: https://gitlab.com/gitlab-org/security-products/dast#settings
|
# List of the variables: https://gitlab.com/gitlab-org/security-products/dast#settings
|
||||||
# How to set: https://docs.gitlab.com/ee/ci/yaml/#variables
|
# How to set: https://docs.gitlab.com/ee/ci/yaml/#variables
|
||||||
|
|
||||||
include:
|
|
||||||
- template: Jobs/DAST.gitlab-ci.yml
|
|
||||||
|
|
||||||
variables:
|
|
||||||
DAST_WEBSITE: http://example.com # Please edit to be your website to scan for vulnerabilities
|
|
||||||
|
|
||||||
stages:
|
stages:
|
||||||
- build
|
- build
|
||||||
- test
|
- test
|
||||||
|
@ -17,10 +11,53 @@ stages:
|
||||||
- dast
|
- dast
|
||||||
|
|
||||||
dast:
|
dast:
|
||||||
|
stage: dast
|
||||||
|
image: docker:stable
|
||||||
|
variables:
|
||||||
|
DOCKER_DRIVER: overlay2
|
||||||
|
allow_failure: true
|
||||||
|
services:
|
||||||
|
- docker:stable-dind
|
||||||
|
script:
|
||||||
|
- export DAST_WEBSITE=${DAST_WEBSITE:-$(cat environment_url.txt)}
|
||||||
|
- export DAST_VERSION=${SP_VERSION:-$(echo "$CI_SERVER_VERSION" | sed 's/^\([0-9]*\)\.\([0-9]*\).*/\1-\2-stable/')}
|
||||||
|
- |
|
||||||
|
if ! docker info &>/dev/null; then
|
||||||
|
if [ -z "$DOCKER_HOST" -a "$KUBERNETES_PORT" ]; then
|
||||||
|
export DOCKER_HOST='tcp://localhost:2375'
|
||||||
|
fi
|
||||||
|
fi
|
||||||
|
- |
|
||||||
|
function dast_run() {
|
||||||
|
docker run \
|
||||||
|
--env DAST_TARGET_AVAILABILITY_TIMEOUT \
|
||||||
|
--volume "$PWD:/output" \
|
||||||
|
--volume /var/run/docker.sock:/var/run/docker.sock \
|
||||||
|
-w /output \
|
||||||
|
"registry.gitlab.com/gitlab-org/security-products/dast:$DAST_VERSION" \
|
||||||
|
/analyze -t $DAST_WEBSITE \
|
||||||
|
"$@"
|
||||||
|
}
|
||||||
|
- |
|
||||||
|
if [ -n "$DAST_AUTH_URL" ]
|
||||||
|
then
|
||||||
|
dast_run \
|
||||||
|
--auth-url $DAST_AUTH_URL \
|
||||||
|
--auth-username $DAST_USERNAME \
|
||||||
|
--auth-password $DAST_PASSWORD \
|
||||||
|
--auth-username-field $DAST_USERNAME_FIELD \
|
||||||
|
--auth-password-field $DAST_PASSWORD_FIELD
|
||||||
|
else
|
||||||
|
dast_run
|
||||||
|
fi
|
||||||
|
artifacts:
|
||||||
|
reports:
|
||||||
|
dast: gl-dast-report.json
|
||||||
only:
|
only:
|
||||||
refs:
|
refs:
|
||||||
- branches
|
- branches
|
||||||
|
variables:
|
||||||
|
- $GITLAB_FEATURES =~ /\bdast\b/
|
||||||
except:
|
except:
|
||||||
refs: [] # Override default from template
|
|
||||||
variables:
|
variables:
|
||||||
- $DAST_DISABLED
|
- $DAST_DISABLED
|
||||||
|
|
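Review bot: The expansions handed to the scanner in `dast_run` and in the `DAST_AUTH_URL` branch are unquoted, so a URL, username or password containing whitespace or glob characters is split or expanded into extra arguments to `/analyze`. Quote each one, e.g. `/analyze -t "$DAST_WEBSITE" \` and `--auth-password "$DAST_PASSWORD" \`, and likewise for `$DAST_AUTH_URL`, `$DAST_USERNAME` and the two `*_FIELD` values. The password also travels on the `docker run` command line; whether the image accepts it another way is not visible here. Separately, the `/var/run/docker.sock` bind mount gives the scanner container control of the Docker daemon it runs on, so a one-line comment stating why the scanner needs it would help anyone auditing the template.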