mirror of
https://gitlab.com/ydkn/capistrano-rails-console.git
synced 2023-02-13 20:54:14 -05:00
add security scans to ci pipeline
parent
42cd9edc96
commit
2fecb87e89
2 changed files with 61 additions and 17 deletions
20
.gitignore
vendored
20
.gitignore
vendored
|
@ -1,17 +1,3 @@
|
|||
*.gem
|
||||
*.rbc
|
||||
.bundle
|
||||
.config
|
||||
.yardoc
|
||||
Gemfile.lock
|
||||
InstalledFiles
|
||||
_yardoc
|
||||
coverage
|
||||
doc/
|
||||
lib/bundler/man
|
||||
pkg
|
||||
rdoc
|
||||
spec/reports
|
||||
test/tmp
|
||||
test/version_tmp
|
||||
tmp
|
||||
/.bundle
|
||||
/Gemfile.lock
|
||||
/pkg
|
||||
|
|
|
@ -1,5 +1,63 @@
|
|||
stages:
|
||||
- build
|
||||
- codequality
|
||||
- security
|
||||
|
||||
build:
|
||||
stage: build
|
||||
image: ruby:2.5
|
||||
script:
|
||||
- gem install bundler --no-ri --no-rdoc
|
||||
- bundle update
|
||||
artifacts:
|
||||
paths:
|
||||
- Gemfile.lock
|
||||
|
||||
rubocop:
|
||||
stage: codequality
|
||||
image: ruby:2.5
|
||||
script:
|
||||
- gem install rubocop --no-ri --no-rdoc
|
||||
- rubocop
|
||||
|
||||
dependency_scanning:
|
||||
stage: security
|
||||
dependencies:
|
||||
- build
|
||||
image: docker:stable
|
||||
variables:
|
||||
DOCKER_DRIVER: overlay2
|
||||
allow_failure: true
|
||||
services:
|
||||
- docker:stable-dind
|
||||
script:
|
||||
- export SP_VERSION=$(echo "$CI_SERVER_VERSION" | sed 's/^\([0-9]*\)\.\([0-9]*\).*/\1-\2-stable/')
|
||||
- docker run
|
||||
--env DEP_SCAN_DISABLE_REMOTE_CHECKS="${DEP_SCAN_DISABLE_REMOTE_CHECKS:-false}"
|
||||
--volume "$PWD:/code"
|
||||
--volume /var/run/docker.sock:/var/run/docker.sock
|
||||
"registry.gitlab.com/gitlab-org/security-products/dependency-scanning:$SP_VERSION" /code
|
||||
artifacts:
|
||||
paths:
|
||||
- gl-dependency-scanning-report.json
|
||||
|
||||
sast:
|
||||
stage: security
|
||||
dependencies:
|
||||
- build
|
||||
image: docker:stable
|
||||
variables:
|
||||
DOCKER_DRIVER: overlay2
|
||||
allow_failure: true
|
||||
services:
|
||||
- docker:stable-dind
|
||||
script:
|
||||
- export SP_VERSION=$(echo "$CI_SERVER_VERSION" | sed 's/^\([0-9]*\)\.\([0-9]*\).*/\1-\2-stable/')
|
||||
- docker run
|
||||
--env SAST_CONFIDENCE_LEVEL="${SAST_CONFIDENCE_LEVEL:-3}"
|
||||
--volume "$PWD:/code"
|
||||
--volume /var/run/docker.sock:/var/run/docker.sock
|
||||
"registry.gitlab.com/gitlab-org/security-products/sast:$SP_VERSION" /app/bin/run /code
|
||||
artifacts:
|
||||
paths:
|
||||
- gl-sast-report.json
|
||||
|
|
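Review bot: The `docker run` steps in `dependency_scanning` and `sast` mount `/var/run/docker.sock` and the checkout (`$PWD:/code`, no `:ro`) into an image pulled by a tag computed at run time from `CI_SERVER_VERSION` (`<major>-<minor>-stable`). Whatever is currently published under that tag therefore runs with control of the Docker daemon that starts it and with write access to the working tree. Pinning the analyzer by digest would make that trust explicit and reviewable, e.g. `"registry.gitlab.com/gitlab-org/security-products/sast@sha256:<digest-placeholder>" /app/bin/run /code`, with a comment above the step such as `# analyzer is handed the Docker socket; image pinned by digest, bump deliberately`. Both jobs also set `allow_failure: true`, so if the computed tag cannot be pulled the job fails without blocking the pipeline and the missing scan is easy to overlook. Consider dropping `allow_failure` once the jobs are stable, or adding a step after `docker run` such as `- test -s gl-sast-report.json`, so that an absent report is at least visible in the job log.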