1
0
Fork 0
mirror of https://gitlab.com/ydkn/capistrano-rails-console.git synced 2023-02-13 20:54:14 -05:00

add security scans to ci pipeline

This commit is contained in:
Florian Schwab 2018-10-07 15:00:27 +02:00
parent 42cd9edc96
commit 2fecb87e89
2 changed files with 61 additions and 17 deletions

20
.gitignore vendored
View file

@ -1,17 +1,3 @@
*.gem
*.rbc
.bundle
.config
.yardoc
Gemfile.lock
InstalledFiles
_yardoc
coverage
doc/
lib/bundler/man
pkg
rdoc
spec/reports
test/tmp
test/version_tmp
tmp
/.bundle
/Gemfile.lock
/pkg

View file

@ -1,5 +1,63 @@
stages:
- build
- codequality
- security
build:
stage: build
image: ruby:2.5
script:
- gem install bundler --no-ri --no-rdoc
- bundle update
artifacts:
paths:
- Gemfile.lock
rubocop:
stage: codequality
image: ruby:2.5
script:
- gem install rubocop --no-ri --no-rdoc
- rubocop
dependency_scanning:
stage: security
dependencies:
- build
image: docker:stable
variables:
DOCKER_DRIVER: overlay2
allow_failure: true
services:
- docker:stable-dind
script:
- export SP_VERSION=$(echo "$CI_SERVER_VERSION" | sed 's/^\([0-9]*\)\.\([0-9]*\).*/\1-\2-stable/')
- docker run
--env DEP_SCAN_DISABLE_REMOTE_CHECKS="${DEP_SCAN_DISABLE_REMOTE_CHECKS:-false}"
--volume "$PWD:/code"
--volume /var/run/docker.sock:/var/run/docker.sock
"registry.gitlab.com/gitlab-org/security-products/dependency-scanning:$SP_VERSION" /code
artifacts:
paths:
- gl-dependency-scanning-report.json
sast:
stage: security
dependencies:
- build
image: docker:stable
variables:
DOCKER_DRIVER: overlay2
allow_failure: true
services:
- docker:stable-dind
script:
- export SP_VERSION=$(echo "$CI_SERVER_VERSION" | sed 's/^\([0-9]*\)\.\([0-9]*\).*/\1-\2-stable/')
- docker run
--env SAST_CONFIDENCE_LEVEL="${SAST_CONFIDENCE_LEVEL:-3}"
--volume "$PWD:/code"
--volume /var/run/docker.sock:/var/run/docker.sock
"registry.gitlab.com/gitlab-org/security-products/sast:$SP_VERSION" /app/bin/run /code
artifacts:
paths:
- gl-sast-report.json