Restore original Security/DAST.gitlab-ci.yml
Reverts https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/26520 for Security/DAST.gitlab-ci.yml.
parent
7a7c131f7b
commit
f92438b878
|
@ -78,8 +78,14 @@ include:
|
|||
- template: Jobs/Code-Quality.gitlab-ci.yml
|
||||
- template: Jobs/Deploy.gitlab-ci.yml
|
||||
- template: Jobs/Browser-Performance-Testing.gitlab-ci.yml
|
||||
- template: Jobs/DAST.gitlab-ci.yml
|
||||
- template: Security/DAST.gitlab-ci.yml
|
||||
- template: Security/Container-Scanning.gitlab-ci.yml
|
||||
- template: Security/Dependency-Scanning.gitlab-ci.yml
|
||||
- template: Security/License-Management.gitlab-ci.yml
|
||||
- template: Security/SAST.gitlab-ci.yml
|
||||
|
||||
# Override DAST job to exclude master branch
|
||||
dast:
|
||||
except:
|
||||
refs:
|
||||
- master
|
|
@ -1,54 +0,0 @@
|
|||
dast:
|
||||
stage: dast
|
||||
image: docker:stable
|
||||
variables:
|
||||
DOCKER_DRIVER: overlay2
|
||||
allow_failure: true
|
||||
services:
|
||||
- docker:stable-dind
|
||||
script:
|
||||
- export DAST_WEBSITE=${DAST_WEBSITE:-$(cat environment_url.txt)}
|
||||
- export DAST_VERSION=${SP_VERSION:-$(echo "$CI_SERVER_VERSION" | sed 's/^\([0-9]*\)\.\([0-9]*\).*/\1-\2-stable/')}
|
||||
- |
|
||||
if ! docker info &>/dev/null; then
|
||||
if [ -z "$DOCKER_HOST" -a "$KUBERNETES_PORT" ]; then
|
||||
export DOCKER_HOST='tcp://localhost:2375'
|
||||
fi
|
||||
fi
|
||||
- |
|
||||
function dast_run() {
|
||||
docker run \
|
||||
--env DAST_TARGET_AVAILABILITY_TIMEOUT \
|
||||
--volume "$PWD:/output" \
|
||||
--volume /var/run/docker.sock:/var/run/docker.sock \
|
||||
-w /output \
|
||||
"registry.gitlab.com/gitlab-org/security-products/dast:$DAST_VERSION" \
|
||||
/analyze -t $DAST_WEBSITE \
|
||||
"$@"
|
||||
}
|
||||
- |
|
||||
if [ -n "$DAST_AUTH_URL" ]
|
||||
then
|
||||
dast_run \
|
||||
--auth-url $DAST_AUTH_URL \
|
||||
--auth-username $DAST_USERNAME \
|
||||
--auth-password $DAST_PASSWORD \
|
||||
--auth-username-field $DAST_USERNAME_FIELD \
|
||||
--auth-password-field $DAST_PASSWORD_FIELD
|
||||
else
|
||||
dast_run
|
||||
fi
|
||||
artifacts:
|
||||
reports:
|
||||
dast: gl-dast-report.json
|
||||
only:
|
||||
refs:
|
||||
- branches
|
||||
- tags
|
||||
variables:
|
||||
- $GITLAB_FEATURES =~ /\bdast\b/
|
||||
except:
|
||||
refs:
|
||||
- master
|
||||
variables:
|
||||
- $DAST_DISABLED
|
|
@ -4,12 +4,6 @@
|
|||
# List of the variables: https://gitlab.com/gitlab-org/security-products/dast#settings
|
||||
# How to set: https://docs.gitlab.com/ee/ci/yaml/#variables
|
||||
|
||||
include:
|
||||
- template: Jobs/DAST.gitlab-ci.yml
|
||||
|
||||
variables:
|
||||
DAST_WEBSITE: http://example.com # Please edit to be your website to scan for vulnerabilities
|
||||
|
||||
stages:
|
||||
- build
|
||||
- test
|
||||
|
@ -17,10 +11,53 @@ stages:
|
|||
- dast
|
||||
|
||||
dast:
|
||||
stage: dast
|
||||
image: docker:stable
|
||||
variables:
|
||||
DOCKER_DRIVER: overlay2
|
||||
allow_failure: true
|
||||
services:
|
||||
- docker:stable-dind
|
||||
script:
|
||||
- export DAST_WEBSITE=${DAST_WEBSITE:-$(cat environment_url.txt)}
|
||||
- export DAST_VERSION=${SP_VERSION:-$(echo "$CI_SERVER_VERSION" | sed 's/^\([0-9]*\)\.\([0-9]*\).*/\1-\2-stable/')}
|
||||
- |
|
||||
if ! docker info &>/dev/null; then
|
||||
if [ -z "$DOCKER_HOST" -a "$KUBERNETES_PORT" ]; then
|
||||
export DOCKER_HOST='tcp://localhost:2375'
|
||||
fi
|
||||
fi
|
||||
- |
|
||||
function dast_run() {
|
||||
docker run \
|
||||
--env DAST_TARGET_AVAILABILITY_TIMEOUT \
|
||||
--volume "$PWD:/output" \
|
||||
--volume /var/run/docker.sock:/var/run/docker.sock \
|
||||
-w /output \
|
||||
"registry.gitlab.com/gitlab-org/security-products/dast:$DAST_VERSION" \
|
||||
/analyze -t $DAST_WEBSITE \
|
||||
"$@"
|
||||
}
|
||||
- |
|
||||
if [ -n "$DAST_AUTH_URL" ]
|
||||
then
|
||||
dast_run \
|
||||
--auth-url $DAST_AUTH_URL \
|
||||
--auth-username $DAST_USERNAME \
|
||||
--auth-password $DAST_PASSWORD \
|
||||
--auth-username-field $DAST_USERNAME_FIELD \
|
||||
--auth-password-field $DAST_PASSWORD_FIELD
|
||||
else
|
||||
dast_run
|
||||
fi
|
||||
artifacts:
|
||||
reports:
|
||||
dast: gl-dast-report.json
|
||||
only:
|
||||
refs:
|
||||
- branches
|
||||
variables:
|
||||
- $GITLAB_FEATURES =~ /\bdast\b/
|
||||
except:
|
||||
refs: [] # Override default from template
|
||||
variables:
|
||||
- $DAST_DISABLED
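Review bot: The restored `dast` script expands every scanner argument unquoted, so `--auth-password $DAST_PASSWORD`, the four sibling `--auth-*` flags in the `dast_run` call, and `/analyze -t $DAST_WEBSITE` inside the function are all subject to word splitting and globbing; a password containing a space or `*` is mangled or becomes extra arguments to `/analyze`. Quote each expansion, e.g. `--auth-password "$DAST_PASSWORD"` and `/analyze -t "$DAST_WEBSITE"`. The password also travels on the `docker run` command line, where it is visible in the process list of the Docker host; forwarding it with `--env`, as the function already does for `DAST_TARGET_AVAILABILITY_TIMEOUT`, would avoid that if the analyzer reads it from the environment, which this page does not show. Separately, `--volume /var/run/docker.sock:/var/run/docker.sock` hands the scanner container control of the Docker daemon and deserves a comment saying why it is needed. The page has lost its +/- markers, so this assumes these script lines are on the new side, as the hunk counts suggest.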
|
||||
|
|