Commit ccc847db authored by Gilbert Roulot's avatar Gilbert Roulot Committed by Douwe Maan

Show secure results on environments page, backend

parent b5f78ed8
......@@ -5,6 +5,8 @@ module EE
prepended do
has_many :prometheus_alerts, inverse_of: :environment
has_one :last_deployable, through: :last_deployment, source: 'deployable', source_type: 'CommitStatus'
has_one :last_pipeline, through: :last_deployable, source: 'pipeline'
end
def pod_names
......
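Review bot: The new `last_pipeline` association has no comment saying when it is nil, and the entity added in this commit depends on that through `environment.last_pipeline&.`. I would add above `has_one :last_deployable` something like `# Build behind the most recent deployment; nil when nothing was deployed or the deployable is not a CommitStatus.` It is resolved through two chained `has_one ... through` lookups and read for every environment serialized, so the environments list will likely run these joins once per row unless the caller preloads them; the controller is not visible here, so that needs checking. The `pod_names` method that follows continues outside the hunk.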
......@@ -7,6 +7,32 @@ module EE
expose :logs_path, if: -> (*) { can_read_pod_logs? } do |environment|
logs_project_environment_path(environment.project, environment)
end
expose :secure_artifacts do
expose :sast_path, if: -> (*) { environment.last_pipeline&.expose_sast_data? } do |environment|
raw_project_build_artifacts_url(environment.project,
environment.last_pipeline.sast_artifact,
path: Ci::Build::SAST_FILE)
end
expose :dependency_scanning_path, if: -> (*) { environment.last_pipeline&.expose_dependency_scanning_data? } do |environment|
raw_project_build_artifacts_url(environment.project,
environment.last_pipeline.dependency_scanning_artifact,
path: Ci::Build::DEPENDENCY_SCANNING_FILE)
end
expose :dast_path, if: -> (*) { environment.last_pipeline&.expose_dast_data? } do |environment|
raw_project_build_artifacts_url(environment.project,
environment.last_pipeline.dast_artifact,
path: Ci::Build::DAST_FILE)
end
expose :container_scanning_path, if: -> (*) { environment.last_pipeline&.expose_container_scanning_data? } do |environment|
raw_project_build_artifacts_url(environment.project,
environment.last_pipeline.container_scanning_artifact,
path: Ci::Build::CONTAINER_SCANNING_FILE)
end
end
end
private
......
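Review bot: The four `if:` conditions under `expose :secure_artifacts` depend only on `environment.last_pipeline&.expose_*_data?` and never on the requesting user, unlike `logs_path` directly above, which is gated by `can_read_pod_logs?`. Unless the `expose_*_data?` predicates already include a permission check (they are not visible here), a user who may list environments but not read the project's builds would still learn that a SAST, DAST, dependency or container scanning report exists, and presumably which job holds it, from the generated URL. I would add an ability check to each condition, for example `if: -> (*) { can_read_security_reports? && environment.last_pipeline&.expose_sast_data? }`, where `can_read_security_reports?` is a placeholder name for a private helper next to `can_read_pod_logs?`. The `private` section where that helper would go continues outside the hunk.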
---
title: Show security analysis status on the environments page
merge_request: 6987
author:
type: added
......@@ -8,7 +8,8 @@
"last_deployment",
"environment_path",
"created_at",
"updated_at"
"updated_at",
"secure_artifacts"
],
"properties": {
"id": {
......@@ -68,6 +69,24 @@
},
"can_stop": {
"type": "boolean"
},
"secure_artifacts": {
"type": "object",
"additionalProperties": false,
"properties": {
"sast": {
"type": "integer"
},
"dast": {
"type": "string"
},
"container_scanning": {
"type": "string"
},
"dependency_scanning": {
"type": "string"
}
}
}
}
}
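Review bot: The property names declared under `secure_artifacts` (`sast`, `dast`, `container_scanning`, `dependency_scanning`) do not match the keys the entity emits (`sast_path`, `dast_path`, `container_scanning_path`, `dependency_scanning_path`). With `"additionalProperties": false`, any response that actually carries a report path would fail validation against this schema. `sast` is also typed `integer` while the other three are `string`, although the entity builds all four values with the same URL helper. I would rename the properties to the `*_path` keys and type each one as a string.

```json
      "properties": {
        "sast_path": { "type": "string" },
        "dast_path": { "type": "string" },
        "container_scanning_path": { "type": "string" },
        "dependency_scanning_path": { "type": "string" }
      }
```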
......@@ -32,4 +32,65 @@ describe EnvironmentEntity do
it_behaves_like 'protected environments access', false
end
describe 'secure_artifacts hash' do
it 'is present' do
expect(entity.as_json.include?(:secure_artifacts)).to eq(true)
end
it 'is empty' do
expect(entity.as_json[:secure_artifacts].size).to eq(0)
end
end
context 'with secure artifacts' do
let(:pipeline) { create(:ci_pipeline, :success, project: project) }
let(:deployable) { create(:ci_build, :success, pipeline: pipeline) }
jobs_parameters = [
{ name: 'sast', filename: 'gl-sast-report.json' },
{ name: 'dast', filename: 'gl-dast-report.json' },
{ name: 'container_scanning', filename: 'gl-container-scanning-report.json' },
{ name: 'dependency_scanning', filename: 'gl-dependency-scanning-report.json' }
]
before do
stub_licensed_features(sast: true, dast: true, dependency_scanning: true, sast_container: true)
create(:deployment, deployable: deployable, environment: environment)
jobs_parameters.each do |job_parameters|
create(
:ci_job_artifact,
:archive,
job: create(
:ci_build,
:success,
pipeline: pipeline,
name: job_parameters[:name],
options: {
artifacts: {
paths: [job_parameters[:filename]]
}
}))
end
end
describe 'secure_artifacts hash' do
it 'contains the reports' do
allow_any_instance_of(LegacyArtifactUploader).to receive(:exists?).and_return(true)
expect(entity.as_json[:secure_artifacts].size).to eq(4)
expect(entity.as_json[:secure_artifacts]).to include(:sast_path)
expect(entity.as_json[:secure_artifacts]).to include(:dast_path)
expect(entity.as_json[:secure_artifacts]).to include(:container_scanning_path)
expect(entity.as_json[:secure_artifacts]).to include(:dependency_scanning_path)
expect(entity.as_json[:secure_artifacts][:sast_path]).to end_with(Ci::Build::SAST_FILE)
expect(entity.as_json[:secure_artifacts][:dast_path]).to end_with(Ci::Build::DAST_FILE)
expect(entity.as_json[:secure_artifacts][:container_scanning_path]).to end_with(Ci::Build::CONTAINER_SCANNING_FILE)
expect(entity.as_json[:secure_artifacts][:dependency_scanning_path]).to end_with(Ci::Build::DEPENDENCY_SCANNING_FILE)
end
end
end
end
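Review bot: The new examples cover only the case with no deployment and the case where all four features are licensed and all four artifacts exist. Nothing asserts that a path is left out when its feature is unlicensed or when the requesting user lacks access. Because these keys point at security reports, a regression that exposed them unconditionally would still pass this spec. I would add a context that uses `stub_licensed_features(sast: false, dast: true, dependency_scanning: true, sast_container: true)` and asserts `expect(entity.as_json[:secure_artifacts]).not_to include(:sast_path)`, assuming the license is what `expose_sast_data?` checks, which is not visible here. As a style point, `jobs_parameters` would read better as a `let` than as a local in the context body.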