Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Support
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
G
gitlab-ce
Project overview
Project overview
Details
Activity
Releases
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Issues
0
Issues
0
List
Boards
Labels
Milestones
Merge Requests
1
Merge Requests
1
Analytics
Analytics
Repository
Value Stream
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Create a new issue
Commits
Issue Boards
Open sidebar
nexedi
gitlab-ce
Commits
09b55157
Commit
09b55157
authored
Oct 26, 2021
by
rossfuhrman
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
Add SAST-IaC.latest.gitlab-ci.yml template
Add SAST-IaC.latest.gitlab-ci.yml vendored template Changelog: added
parent
3db4f856
Changes
7
Hide whitespace changes
Inline
Side-by-side
Showing
7 changed files
with
211 additions
and
0 deletions
+211
-0
config/metrics/counts_28d/20211102213704_p_ci_templates_jobs_sast_iac_latest_monthly.yml
...102213704_p_ci_templates_jobs_sast_iac_latest_monthly.yml
+26
-0
config/metrics/counts_28d/20211102213921_p_ci_templates_implicit_jobs_sast_iac_latest_monthly.yml
..._p_ci_templates_implicit_jobs_sast_iac_latest_monthly.yml
+26
-0
config/metrics/counts_7d/20211102213112_p_ci_templates_jobs_sast_iac_latest_weekly.yml
...1102213112_p_ci_templates_jobs_sast_iac_latest_weekly.yml
+26
-0
config/metrics/counts_7d/20211102213417_p_ci_templates_implicit_jobs_sast_iac_latest_weekly.yml
...7_p_ci_templates_implicit_jobs_sast_iac_latest_weekly.yml
+26
-0
lib/gitlab/ci/templates/Jobs/SAST-IaC.latest.gitlab-ci.yml
lib/gitlab/ci/templates/Jobs/SAST-IaC.latest.gitlab-ci.yml
+34
-0
lib/gitlab/usage_data_counters/known_events/ci_templates.yml
lib/gitlab/usage_data_counters/known_events/ci_templates.yml
+8
-0
spec/lib/gitlab/ci/templates/Jobs/sast_iac_gitlab_ci_yaml_spec.rb
.../gitlab/ci/templates/Jobs/sast_iac_gitlab_ci_yaml_spec.rb
+65
-0
No files found.
config/metrics/counts_28d/20211102213704_p_ci_templates_jobs_sast_iac_latest_monthly.yml
0 → 100644
View file @
09b55157
---
key_path
:
redis_hll_counters.ci_templates.p_ci_templates_jobs_sast_iac_latest_monthly
description
:
Count of pipelines using the latest SAST IaC template
product_section
:
sec
product_stage
:
secure
product_group
:
"
group::static
analysis"
product_category
:
SAST
value_type
:
number
status
:
active
milestone
:
"
14.5"
introduced_by_url
:
https://gitlab.com/gitlab-org/gitlab/-/merge_requests/73074
time_frame
:
28d
data_source
:
redis_hll
data_category
:
optional
instrumentation_class
:
RedisHLLMetric
performance_indicator_type
:
[]
distribution
:
-
ce
-
ee
tier
:
-
free
-
premium
-
ultimate
options
:
events
:
-
p_ci_templates_jobs_sast_iac_latest
config/metrics/counts_28d/20211102213921_p_ci_templates_implicit_jobs_sast_iac_latest_monthly.yml
0 → 100644
View file @
09b55157
---
key_path
:
redis_hll_counters.ci_templates.p_ci_templates_implicit_jobs_sast_iac_latest_monthly
description
:
Count of pipelines with implicit runs using the latest SAST IaC template
product_section
:
sec
product_stage
:
secure
product_group
:
"
group::static
analysis"
product_category
:
SAST
value_type
:
number
status
:
active
milestone
:
"
14.5"
introduced_by_url
:
https://gitlab.com/gitlab-org/gitlab/-/merge_requests/73074
time_frame
:
28d
data_source
:
redis_hll
data_category
:
optional
instrumentation_class
:
RedisHLLMetric
performance_indicator_type
:
[]
distribution
:
-
ce
-
ee
tier
:
-
free
-
premium
-
ultimate
options
:
events
:
-
p_ci_templates_implicit_jobs_sast_iac_latest
config/metrics/counts_7d/20211102213112_p_ci_templates_jobs_sast_iac_latest_weekly.yml
0 → 100644
View file @
09b55157
---
key_path
:
redis_hll_counters.ci_templates.p_ci_templates_jobs_sast_iac_latest_weekly
description
:
Count of pipelines using the latest SAST IaC template
product_section
:
sec
product_stage
:
secure
product_group
:
"
group::static
analysis"
product_category
:
SAST
value_type
:
number
status
:
active
milestone
:
"
14.5"
introduced_by_url
:
https://gitlab.com/gitlab-org/gitlab/-/merge_requests/73074
time_frame
:
7d
data_source
:
redis_hll
data_category
:
optional
instrumentation_class
:
RedisHLLMetric
performance_indicator_type
:
[]
distribution
:
-
ce
-
ee
tier
:
-
free
-
premium
-
ultimate
options
:
events
:
-
p_ci_templates_jobs_sast_iac_latest
config/metrics/counts_7d/20211102213417_p_ci_templates_implicit_jobs_sast_iac_latest_weekly.yml
0 → 100644
View file @
09b55157
---
key_path
:
redis_hll_counters.ci_templates.p_ci_templates_implicit_jobs_sast_iac_latest_weekly
description
:
Count of pipelines with implicit runs using the latest SAST IaC template
product_section
:
sec
product_stage
:
secure
product_group
:
"
group::static
analysis"
product_category
:
SAST
value_type
:
number
status
:
active
milestone
:
"
14.5"
introduced_by_url
:
https://gitlab.com/gitlab-org/gitlab/-/merge_requests/73074
time_frame
:
7d
data_source
:
redis_hll
data_category
:
optional
instrumentation_class
:
RedisHLLMetric
performance_indicator_type
:
[]
distribution
:
-
ce
-
ee
tier
:
-
free
-
premium
-
ultimate
options
:
events
:
-
p_ci_templates_implicit_jobs_sast_iac_latest
lib/gitlab/ci/templates/Jobs/SAST-IaC.latest.gitlab-ci.yml
0 → 100644
View file @
09b55157
variables
:
# Setting this variable will affect all Security templates
# (SAST, Dependency Scanning, ...)
SECURE_ANALYZERS_PREFIX
:
"
registry.gitlab.com/gitlab-org/security-products/analyzers"
SAST_EXCLUDED_PATHS
:
"
spec,
test,
tests,
tmp"
iac-sast
:
stage
:
test
artifacts
:
reports
:
sast
:
gl-sast-report.json
rules
:
-
when
:
never
# `rules` must be overridden explicitly by each child job
# see https://gitlab.com/gitlab-org/gitlab/-/issues/218444
variables
:
SEARCH_MAX_DEPTH
:
4
allow_failure
:
true
script
:
-
/analyzer run
kics-iac-sast
:
extends
:
iac-sast
image
:
name
:
"
$SAST_ANALYZER_IMAGE"
variables
:
SAST_ANALYZER_IMAGE_TAG
:
0
SAST_ANALYZER_IMAGE
:
"
$SECURE_ANALYZERS_PREFIX/kics:$SAST_ANALYZER_IMAGE_TAG"
rules
:
-
if
:
$SAST_DISABLED
when
:
never
-
if
:
$SAST_EXCLUDED_ANALYZERS =~ /kics/
when
:
never
-
if
:
$CI_COMMIT_BRANCH
lib/gitlab/usage_data_counters/known_events/ci_templates.yml
View file @
09b55157
...
...
@@ -267,6 +267,10 @@
category
:
ci_templates
redis_slot
:
ci_templates
aggregation
:
weekly
-
name
:
p_ci_templates_jobs_sast_iac_latest
category
:
ci_templates
redis_slot
:
ci_templates
aggregation
:
weekly
-
name
:
p_ci_templates_jobs_secret_detection
category
:
ci_templates
redis_slot
:
ci_templates
...
...
@@ -447,6 +451,10 @@
category
:
ci_templates
redis_slot
:
ci_templates
aggregation
:
weekly
-
name
:
p_ci_templates_implicit_jobs_sast_iac_latest
category
:
ci_templates
redis_slot
:
ci_templates
aggregation
:
weekly
-
name
:
p_ci_templates_implicit_jobs_secret_detection
category
:
ci_templates
redis_slot
:
ci_templates
...
...
spec/lib/gitlab/ci/templates/Jobs/sast_iac_gitlab_ci_yaml_spec.rb
0 → 100644
View file @
09b55157
# frozen_string_literal: true
require
'spec_helper'
RSpec
.
describe
'Jobs/SAST-IaC.latest.gitlab-ci.yml'
do
subject
(
:template
)
{
Gitlab
::
Template
::
GitlabCiYmlTemplate
.
find
(
'Jobs/SAST-IaC.latest'
)
}
describe
'the created pipeline'
do
let_it_be
(
:project
)
{
create
(
:project
,
:repository
)
}
let_it_be
(
:user
)
{
project
.
owner
}
let
(
:default_branch
)
{
'main'
}
let
(
:pipeline_ref
)
{
default_branch
}
let
(
:service
)
{
Ci
::
CreatePipelineService
.
new
(
project
,
user
,
ref:
pipeline_ref
)
}
let
(
:pipeline
)
{
service
.
execute!
(
:push
).
payload
}
let
(
:build_names
)
{
pipeline
.
builds
.
pluck
(
:name
)
}
before
do
stub_ci_pipeline_yaml_file
(
template
.
content
)
allow_next_instance_of
(
Ci
::
BuildScheduleWorker
)
do
|
instance
|
allow
(
instance
).
to
receive
(
:perform
).
and_return
(
true
)
end
allow
(
project
).
to
receive
(
:default_branch
).
and_return
(
default_branch
)
end
context
'on feature branch'
do
let
(
:pipeline_ref
)
{
'feature'
}
it
'creates the kics-iac-sast job'
do
expect
(
build_names
).
to
contain_exactly
(
'kics-iac-sast'
)
end
end
context
'on merge request'
do
let
(
:service
)
{
MergeRequests
::
CreatePipelineService
.
new
(
project:
project
,
current_user:
user
)
}
let
(
:merge_request
)
{
create
(
:merge_request
,
:simple
,
source_project:
project
)
}
let
(
:pipeline
)
{
service
.
execute
(
merge_request
).
payload
}
it
'has no jobs'
do
expect
(
pipeline
).
to
be_merge_request_event
expect
(
build_names
).
to
be_empty
end
end
context
'SAST_DISABLED is set'
do
before
do
create
(
:ci_variable
,
key:
'SAST_DISABLED'
,
value:
'true'
,
project:
project
)
end
context
'on default branch'
do
it
'has no jobs'
do
expect
{
pipeline
}.
to
raise_error
(
Ci
::
CreatePipelineService
::
CreateError
)
end
end
context
'on feature branch'
do
let
(
:pipeline_ref
)
{
'feature'
}
it
'has no jobs'
do
expect
{
pipeline
}.
to
raise_error
(
Ci
::
CreatePipelineService
::
CreateError
)
end
end
end
end
end
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment