Commit 1fdf597b authored by Craig Smith's avatar Craig Smith Committed by Matija Čupić

Make DAST more easily extendable

parent e505ad5e
...@@ -27,20 +27,23 @@ variables: ...@@ -27,20 +27,23 @@ variables:
# (SAST, Dependency Scanning, ...) # (SAST, Dependency Scanning, ...)
SECURE_ANALYZERS_PREFIX: "registry.gitlab.com/gitlab-org/security-products/analyzers" SECURE_ANALYZERS_PREFIX: "registry.gitlab.com/gitlab-org/security-products/analyzers"
dast: .dast_base:
stage: dast stage: dast
image: image:
name: "$SECURE_ANALYZERS_PREFIX/dast:$DAST_VERSION" name: "$SECURE_ANALYZERS_PREFIX/dast:$DAST_VERSION"
variables: variables:
GIT_STRATEGY: none GIT_STRATEGY: none
allow_failure: true
script: script:
- export DAST_WEBSITE=${DAST_WEBSITE:-$(cat environment_url.txt)} - export DAST_WEBSITE=${DAST_WEBSITE:-$(cat environment_url.txt)}
- if [ -z "$DAST_WEBSITE$DAST_API_SPECIFICATION" ]; then echo "Either DAST_WEBSITE or DAST_API_SPECIFICATION must be set. See https://docs.gitlab.com/ee/user/application_security/dast/#configuration for more details." && exit 1; fi - if [ -z "$DAST_WEBSITE$DAST_API_SPECIFICATION" ]; then echo "Either DAST_WEBSITE or DAST_API_SPECIFICATION must be set. See https://docs.gitlab.com/ee/user/application_security/dast/#configuration for more details." && exit 1; fi
- /analyze - /analyze
allow_failure: true
artifacts: artifacts:
reports: reports:
dast: gl-dast-report.json dast: gl-dast-report.json
dast:
extends: .dast_base
rules: rules:
- if: $DAST_DISABLED - if: $DAST_DISABLED
when: never when: never
......
...@@ -27,20 +27,23 @@ variables: ...@@ -27,20 +27,23 @@ variables:
# (SAST, Dependency Scanning, ...) # (SAST, Dependency Scanning, ...)
SECURE_ANALYZERS_PREFIX: "registry.gitlab.com/gitlab-org/security-products/analyzers" SECURE_ANALYZERS_PREFIX: "registry.gitlab.com/gitlab-org/security-products/analyzers"
dast: .dast_base:
stage: dast stage: dast
image: image:
name: "$SECURE_ANALYZERS_PREFIX/dast:$DAST_VERSION" name: "$SECURE_ANALYZERS_PREFIX/dast:$DAST_VERSION"
variables: variables:
GIT_STRATEGY: none GIT_STRATEGY: none
allow_failure: true
script: script:
- export DAST_WEBSITE=${DAST_WEBSITE:-$(cat environment_url.txt)} - export DAST_WEBSITE=${DAST_WEBSITE:-$(cat environment_url.txt)}
- if [ -z "$DAST_WEBSITE$DAST_API_SPECIFICATION" ]; then echo "Either DAST_WEBSITE or DAST_API_SPECIFICATION must be set. See https://docs.gitlab.com/ee/user/application_security/dast/#configuration for more details." && exit 1; fi - if [ -z "$DAST_WEBSITE$DAST_API_SPECIFICATION" ]; then echo "Either DAST_WEBSITE or DAST_API_SPECIFICATION must be set. See https://docs.gitlab.com/ee/user/application_security/dast/#configuration for more details." && exit 1; fi
- /analyze - /analyze
allow_failure: true
artifacts: artifacts:
reports: reports:
dast: gl-dast-report.json dast: gl-dast-report.json
dast:
extends: .dast_base
rules: rules:
- if: $DAST_DISABLED - if: $DAST_DISABLED
when: never when: never
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment