64 lines
1.6 KiB
YAML
64 lines
1.6 KiB
YAML
stages:
|
|
- build
|
|
- codequality
|
|
- security
|
|
|
|
build:
|
|
stage: build
|
|
image: ruby:2.5
|
|
script:
|
|
- gem install bundler --no-ri --no-rdoc
|
|
- bundle update
|
|
artifacts:
|
|
paths:
|
|
- Gemfile.lock
|
|
|
|
rubocop:
|
|
stage: codequality
|
|
image: ruby:2.5
|
|
script:
|
|
- gem install rubocop --no-ri --no-rdoc
|
|
- rubocop
|
|
|
|
dependency_scanning:
|
|
stage: security
|
|
dependencies:
|
|
- build
|
|
image: docker:stable
|
|
variables:
|
|
DOCKER_DRIVER: overlay2
|
|
allow_failure: true
|
|
services:
|
|
- docker:stable-dind
|
|
script:
|
|
- export SP_VERSION=$(echo "$CI_SERVER_VERSION" | sed 's/^\([0-9]*\)\.\([0-9]*\).*/\1-\2-stable/')
|
|
- docker run
|
|
--env DEP_SCAN_DISABLE_REMOTE_CHECKS="${DEP_SCAN_DISABLE_REMOTE_CHECKS:-false}"
|
|
--volume "$PWD:/code"
|
|
--volume /var/run/docker.sock:/var/run/docker.sock
|
|
"registry.gitlab.com/gitlab-org/security-products/dependency-scanning:$SP_VERSION" /code
|
|
artifacts:
|
|
paths:
|
|
- gl-dependency-scanning-report.json
|
|
|
|
sast:
|
|
stage: security
|
|
dependencies:
|
|
- build
|
|
image: docker:stable
|
|
variables:
|
|
DOCKER_DRIVER: overlay2
|
|
allow_failure: true
|
|
services:
|
|
- docker:stable-dind
|
|
script:
|
|
- export SP_VERSION=$(echo "$CI_SERVER_VERSION" | sed 's/^\([0-9]*\)\.\([0-9]*\).*/\1-\2-stable/')
|
|
- docker run
|
|
--env SAST_CONFIDENCE_LEVEL="${SAST_CONFIDENCE_LEVEL:-3}"
|
|
--volume "$PWD:/code"
|
|
--volume /var/run/docker.sock:/var/run/docker.sock
|
|
"registry.gitlab.com/gitlab-org/security-products/sast:$SP_VERSION" /app/bin/run /code
|
|
artifacts:
|
|
paths:
|
|
- gl-sast-report.json
|