Commit 6c5bd6d0 authored by Marcia Ramos's avatar Marcia Ramos

Merge branch 'docs-update_security_products_examples' into 'master'

Update Security Products examples documentation

See merge request gitlab-org/gitlab-ce!18151
parents 59a15895 a0869452
...@@ -9,11 +9,12 @@ Once you set up the Runner, add a new job to `.gitlab-ci.yml`, called `codequali ...@@ -9,11 +9,12 @@ Once you set up the Runner, add a new job to `.gitlab-ci.yml`, called `codequali
```yaml ```yaml
codequality: codequality:
image: docker:latest image: docker:stable
variables: variables:
DOCKER_DRIVER: overlay DOCKER_DRIVER: overlay2
allow_failure: true
services: services:
- docker:dind - docker:stable-dind
script: script:
- export SP_VERSION=$(echo "$CI_SERVER_VERSION" | sed 's/^\([0-9]*\)\.\([0-9]*\).*/\1-\2-stable/') - export SP_VERSION=$(echo "$CI_SERVER_VERSION" | sed 's/^\([0-9]*\)\.\([0-9]*\).*/\1-\2-stable/')
- docker run --env SOURCE_CODE="$PWD" --volume "$PWD":/code --volume /var/run/docker.sock:/var/run/docker.sock "registry.gitlab.com/gitlab-org/security-products/codequality:$SP_VERSION" /code - docker run --env SOURCE_CODE="$PWD" --volume "$PWD":/code --volume /var/run/docker.sock:/var/run/docker.sock "registry.gitlab.com/gitlab-org/security-products/codequality:$SP_VERSION" /code
......
...@@ -11,7 +11,7 @@ called `sast:container`: ...@@ -11,7 +11,7 @@ called `sast:container`:
```yaml ```yaml
sast:container: sast:container:
image: docker:latest image: docker:stable
variables: variables:
DOCKER_DRIVER: overlay2 DOCKER_DRIVER: overlay2
## Define two new variables based on GitLab's CI/CD predefined variables ## Define two new variables based on GitLab's CI/CD predefined variables
...@@ -20,7 +20,7 @@ sast:container: ...@@ -20,7 +20,7 @@ sast:container:
CI_APPLICATION_TAG: $CI_COMMIT_SHA CI_APPLICATION_TAG: $CI_COMMIT_SHA
allow_failure: true allow_failure: true
services: services:
- docker:dind - docker:stable-dind
script: script:
- docker run -d --name db arminc/clair-db:latest - docker run -d --name db arminc/clair-db:latest
- docker run -p 6060:6060 --link db:postgres -d --name clair arminc/clair-local-scan:v2.0.1 - docker run -p 6060:6060 --link db:postgres -d --name clair arminc/clair-local-scan:v2.0.1
......
...@@ -14,9 +14,10 @@ called `dast`: ...@@ -14,9 +14,10 @@ called `dast`:
```yaml ```yaml
dast: dast:
image: owasp/zap2docker-stable image: registry.gitlab.com/gitlab-org/security-products/zaproxy
variables: variables:
website: "https://example.com" website: "https://example.com"
allow_failure: true
script: script:
- mkdir /zap/wrk/ - mkdir /zap/wrk/
- /zap/zap-baseline.py -J gl-dast-report.json -t $website || true - /zap/zap-baseline.py -J gl-dast-report.json -t $website || true
...@@ -30,6 +31,28 @@ the tests on the URL defined in the `website` variable (change it to use your ...@@ -30,6 +31,28 @@ the tests on the URL defined in the `website` variable (change it to use your
own) and finally write the results in the `gl-dast-report.json` file. You can own) and finally write the results in the `gl-dast-report.json` file. You can
then download and analyze the report artifact in JSON format. then download and analyze the report artifact in JSON format.
It's also possible to authenticate the user before performing DAST checks:
```yaml
dast:
image: registry.gitlab.com/gitlab-org/security-products/zaproxy
variables:
website: "https://example.com"
login_url: "https://example.com/sign-in"
allow_failure: true
script:
- mkdir /zap/wrk/
- /zap/zap-baseline.py -J gl-dast-report.json -t $website \
--auth-url $login_url \
--auth-username "john.doe@example.com" \
--auth-password "john-doe-password" || true
- cp /zap/wrk/gl-dast-report.json .
artifacts:
paths: [gl-dast-report.json]
```
See [zaproxy documentation](https://gitlab.com/gitlab-org/security-products/zaproxy)
to learn more about authentication settings.
TIP: **Tip:** TIP: **Tip:**
Starting with [GitLab Ultimate][ee] 10.4, this information will Starting with [GitLab Ultimate][ee] 10.4, this information will
be automatically extracted and shown right in the merge request widget. To do be automatically extracted and shown right in the merge request widget. To do
......
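Review bot: The new authenticated-DAST example on the `--auth-username` / `--auth-password` lines hard-codes a plaintext credential in `.gitlab-ci.yml`, which readers will copy into a committed file, and because the `script` line is echoed in the job trace the password would also land in the job log. The example should read the credentials from CI/CD variables instead, e.g. `--auth-username "$DAST_USERNAME" \` and `--auth-password "$DAST_PASSWORD" || true`, with a sentence telling readers to define those as protected project variables rather than in the file. It is also worth a one-line caveat that an authenticated baseline scan performs real actions as that user, so the `website`/`login_url` should point at a staging instance and a dedicated test account, not production. The hunk's closing context lines are collapsed and not visible here.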