Setup security products.

ce62ef0a · Olivier Gonzalez · Rémy Coutable · 3a83767f · ce62ef0a
Commit ce62ef0a authored Apr 11, 2018 by Olivier Gonzalez Committed by Rémy Coutable Apr 11, 2018
Show whitespace changes
Inline Side-by-side

Showing with 45 additions and 11 deletions

.gitlab-ci.yml .gitlab-ci.yml +45 -11

No files found.
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -57,23 +57,57 @@ go:1.8:
  <<: *go_definition
  image: golang:1.8

-codeclimate:
-  before_script: []
-  image: docker:latest
+codequality:
+  image: docker:stable
  variables:
-    DOCKER_DRIVER: overlay
+    DOCKER_DRIVER: overlay2
+  allow_failure: true
  services:
-    - docker:dind
+    - docker:stable-dind
+  before_script: []
  script:
-    - docker pull codeclimate/codeclimate
-    - docker run --env CODECLIMATE_CODE="$PWD" --volume "$PWD":/code --volume /var/run/docker.sock:/var/run/docker.sock --volume /tmp/cc:/tmp/cc codeclimate/codeclimate analyze -f json > codeclimate.json
+    - export SP_VERSION=$(echo "$CI_SERVER_VERSION" | sed 's/^\([0-9]*\)\.\([0-9]*\).*/\1-\2-stable/')
+    - docker run
+        --env SOURCE_CODE="$PWD"
+        --volume "$PWD":/code
+        --volume /var/run/docker.sock:/var/run/docker.sock
+        "registry.gitlab.com/gitlab-org/security-products/codequality:$SP_VERSION" /code
  artifacts:
    paths: [codeclimate.json]

+
 sast:
+  image: docker:stable
+  variables:
+    DOCKER_DRIVER: overlay2
+  allow_failure: true
+  services:
+    - docker:stable-dind
  before_script: []
-  image: registry.gitlab.com/gitlab-org/gl-sast:latest
  script:
-    - /app/bin/run .
+    - export SP_VERSION=$(echo "$CI_SERVER_VERSION" | sed 's/^\([0-9]*\)\.\([0-9]*\).*/\1-\2-stable/')
+    - docker run
+        --env SAST_CONFIDENCE_LEVEL="${SAST_CONFIDENCE_LEVEL:-3}"
+        --volume "$PWD:/code"
+        --volume /var/run/docker.sock:/var/run/docker.sock
+        "registry.gitlab.com/gitlab-org/security-products/sast:$SP_VERSION" /app/bin/run /code
  artifacts:
    paths: [gl-sast-report.json]
+
+dependency_scanning:
+  image: docker:stable
+  variables:
+    DOCKER_DRIVER: overlay2
+  allow_failure: true
+  services:
+    - docker:stable-dind
+  before_script: []
+  script:
+    - export SP_VERSION=$(echo "$CI_SERVER_VERSION" | sed 's/^\([0-9]*\)\.\([0-9]*\).*/\1-\2-stable/')
+    - docker run
+        --env DEP_SCAN_DISABLE_REMOTE_CHECKS="${DEP_SCAN_DISABLE_REMOTE_CHECKS:-false}"
+        --volume "$PWD:/code"
+        --volume /var/run/docker.sock:/var/run/docker.sock
+        "registry.gitlab.com/gitlab-org/security-products/dependency-scanning:$SP_VERSION" /code
+  artifacts:
+    paths: [gl-dependency-scanning-report.json]
\ No newline at end of file