Commit aa1a39a9 authored by Rémy Coutable

Merge branch 'setup_security_products' into 'master'

Setup security products.

See merge request gitlab-org/gitlab-shell!201
parents 3a83767f ce62ef0a
...@@ -15,7 +15,7 @@ rspec: ...@@ -15,7 +15,7 @@ rspec:
- tags - tags
rubocop: rubocop:
script: script:
- bundle exec rubocop - bundle exec rubocop
tags: tags:
- ruby - ruby
...@@ -57,23 +57,57 @@ go:1.8: ...@@ -57,23 +57,57 @@ go:1.8:
<<: *go_definition <<: *go_definition
image: golang:1.8 image: golang:1.8
codeclimate: codequality:
before_script: [] image: docker:stable
image: docker:latest
variables: variables:
DOCKER_DRIVER: overlay DOCKER_DRIVER: overlay2
allow_failure: true
services: services:
- docker:dind - docker:stable-dind
before_script: []
script: script:
- docker pull codeclimate/codeclimate - export SP_VERSION=$(echo "$CI_SERVER_VERSION" | sed 's/^\([0-9]*\)\.\([0-9]*\).*/\1-\2-stable/')
- docker run --env CODECLIMATE_CODE="$PWD" --volume "$PWD":/code --volume /var/run/docker.sock:/var/run/docker.sock --volume /tmp/cc:/tmp/cc codeclimate/codeclimate analyze -f json > codeclimate.json - docker run
--env SOURCE_CODE="$PWD"
--volume "$PWD":/code
--volume /var/run/docker.sock:/var/run/docker.sock
"registry.gitlab.com/gitlab-org/security-products/codequality:$SP_VERSION" /code
artifacts: artifacts:
paths: [codeclimate.json] paths: [codeclimate.json]
sast: sast:
image: docker:stable
variables:
DOCKER_DRIVER: overlay2
allow_failure: true
services:
- docker:stable-dind
before_script: []
script:
- export SP_VERSION=$(echo "$CI_SERVER_VERSION" | sed 's/^\([0-9]*\)\.\([0-9]*\).*/\1-\2-stable/')
- docker run
--env SAST_CONFIDENCE_LEVEL="${SAST_CONFIDENCE_LEVEL:-3}"
--volume "$PWD:/code"
--volume /var/run/docker.sock:/var/run/docker.sock
"registry.gitlab.com/gitlab-org/security-products/sast:$SP_VERSION" /app/bin/run /code
artifacts:
paths: [gl-sast-report.json]
dependency_scanning:
image: docker:stable
variables:
DOCKER_DRIVER: overlay2
allow_failure: true
services:
- docker:stable-dind
before_script: [] before_script: []
image: registry.gitlab.com/gitlab-org/gl-sast:latest
script: script:
- /app/bin/run . - export SP_VERSION=$(echo "$CI_SERVER_VERSION" | sed 's/^\([0-9]*\)\.\([0-9]*\).*/\1-\2-stable/')
- docker run
--env DEP_SCAN_DISABLE_REMOTE_CHECKS="${DEP_SCAN_DISABLE_REMOTE_CHECKS:-false}"
--volume "$PWD:/code"
--volume /var/run/docker.sock:/var/run/docker.sock
"registry.gitlab.com/gitlab-org/security-products/dependency-scanning:$SP_VERSION" /code
artifacts: artifacts:
paths: [gl-sast-report.json] paths: [gl-dependency-scanning-report.json]
\ No newline at end of file \ No newline at end of file
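Review bot: In the new `codequality`, `sast` and `dependency_scanning` jobs, `docker run` mounts `/var/run/docker.sock` into an image whose tag is computed at run time (`$SP_VERSION`, an `X-Y-stable` tag). The job therefore runs whatever that mutable tag resolves to at pull time, with control of the Docker daemon behind that socket. Pinning each image by digest, e.g. `"registry.gitlab.com/gitlab-org/security-products/sast@sha256:<digest>"` (placeholder digest), would tie the container that holds the socket to a reviewed build. Separately, a `$CI_SERVER_VERSION` that does not match the `sed` pattern passes through unchanged, and with `allow_failure: true` the resulting pull failure would most likely leave the pipeline green with no report. A guard before `docker run`, such as `- case "$SP_VERSION" in *-stable) ;; *) echo "unexpected SP_VERSION=$SP_VERSION" >&2; exit 1 ;; esac`, together with a comment explaining why these jobs may fail, would make a missing scan visible in the job log.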