include:
  - template: Code-Quality.gitlab-ci.yml
  - template: Security/SAST.gitlab-ci.yml
  - template: Security/Dependency-Scanning.gitlab-ci.yml
  - template: Security/DAST.gitlab-ci.yml

.reports:
  extends:
    - .default-retry
    - .except-docs

code_quality:
  extends: .reports

sast:
  extends: .reports
  variables:
    SAST_BRAKEMAN_LEVEL: 2
    SAST_EXCLUDED_PATHS: qa,spec,doc
  artifacts:
    expire_in: 7 days
    paths:
      - gl-sast-report.json

dependency_scanning:
  extends: .reports

dast:
  extends:
    - .reports
    - .review-only
  stage: qa
  dependencies: ["review-deploy"]
  before_script:
    - export DAST_WEBSITE="$(cat review_app_url.txt)"
  artifacts:
    expire_in: 7 days
    paths:
      - gl-dast-report.json