use more of latest gitlab configuration

8 files changed, 88 insertions, 3 deletions

diff --git a/.gitlab/ci_templates/container_scanning.yml b/.gitlab/ci_templates/container_scanning.yml
new file mode 100644
index 0000000000..19231ba4dc
--- /dev/null
+++ b/.gitlab/ci_templates/container_scanning.yml
@@ -0,0 +1,20 @@
+# https://docs.gitlab.com/user/application_security/sast/
+include:
+  - template: Jobs/Container-Scanning.latest.gitlab-ci.yml
+
+# https://docs.gitlab.com/user/application_security/container_scanning/#scanning-archives-built-in-a-previous-job
+# https://docs.gitlab.com/user/application_security/detect/security_configuration/#error-chosen-stage-test-does-not-exist
+container_scanning:
+  stage: deploy
+
+  # SAST tools only support x64
+  tags:
+    - amd64
+
+  variables:
+    AST_ENABLE_MR_PIPELINES: 'false'
+    CS_IMAGE: "${CI_REGISTRY_IMAGE}:${REGISTRY_PUSH_TAG}"
+
+  needs:
+    - job: merge_image_manifests
+      artifacts: true
diff --git a/.gitlab/ci_templates/dependency_scanning.yml b/.gitlab/ci_templates/dependency_scanning.yml
new file mode 100644
index 0000000000..5f9deaab6b
--- /dev/null
+++ b/.gitlab/ci_templates/dependency_scanning.yml
@@ -0,0 +1,14 @@
+# https://docs.gitlab.com/user/application_security/sast/
+include:
+  - template: Jobs/Dependency-Scanning.latest.gitlab-ci.yml
+
+dependency-scanning:
+  stage: test
+
+  # SAST tools only support x64
+  tags:
+    - amd64
+
+  # Don't wait, since this has no dependencies.
+  # https://docs.gitlab.com/ci/yaml/#needs
+  needs: []
diff --git a/.gitlab/ci_templates/lib_behave.yml b/.gitlab/ci_templates/lib_behave.yml
new file mode 100644
index 0000000000..ecec0a4586
--- /dev/null
+++ b/.gitlab/ci_templates/lib_behave.yml
@@ -0,0 +1,20 @@
+# https://docs.gitlab.com/user/application_security/sast/
+include:
+  # https://docs.gitlab.com/user/application_security/dependency_scanning/experiment_libbehave_dependency/
+  - component: $CI_SERVER_FQDN/TransFem-org/libbehave/libbehave@v0.4.0
+    inputs:
+      include-lang: 'js'
+      stage: test
+
+
+.libbehave-experiment:
+  # SAST tools only support x64
+  tags:
+    - amd64
+
+  # Don't wait, since this has no dependencies.
+  # https://docs.gitlab.com/ci/yaml/#needs
+  needs: []
+
+  # Gitlab issue currently causes error when upload final artifacts
+  allow_failure: true
diff --git a/.gitlab/ci_templates/sast.yml b/.gitlab/ci_templates/sast.yml
new file mode 100644
index 0000000000..204df7183c
--- /dev/null
+++ b/.gitlab/ci_templates/sast.yml
@@ -0,0 +1,17 @@
+# https://docs.gitlab.com/user/application_security/sast/
+include:
+  - template: Jobs/SAST.latest.gitlab-ci.yml
+
+sast: &sast
+  stage: test
+
+  # SAST tools only support x64
+  tags:
+    - amd64
+
+  # Don't wait, since this has no dependencies.
+  # https://docs.gitlab.com/ci/yaml/#needs
+  needs: []
+
+gitlab-advanced-sast:
+  <<: *sast
diff --git a/.gitlab/ci_templates/secret_detection.yml b/.gitlab/ci_templates/secret_detection.yml
new file mode 100644
index 0000000000..f78e092bf6
--- /dev/null
+++ b/.gitlab/ci_templates/secret_detection.yml
@@ -0,0 +1,14 @@
+# https://docs.gitlab.com/user/application_security/sast/
+include:
+  - template: Jobs/Secret-Detection.latest.gitlab-ci.yml
+
+secret_detection:
+  stage: test
+
+  # SAST tools only support x64
+  tags:
+    - amd64
+
+  # Don't wait, since this has no dependencies.
+  # https://docs.gitlab.com/ci/yaml/#needs
+  needs: []
diff --git a/.gitlab/issue_templates/bug.md b/.gitlab/issue_templates/bug.md
index a909067269..32631619bc 100644
--- a/.gitlab/issue_templates/bug.md
+++ b/.gitlab/issue_templates/bug.md
@@ -30,6 +30,6 @@
 <!-- Please copy and paste any relevant log output. You can find your log by inspecting the page, and going to the "console" tab. This will be automatically formatted into code, so no need for backticks. -->
 
 # **Contribution Guidelines**
-By submitting this issue, you agree to follow our [Contribution Guidelines](https://activitypub.software/TransFem-org/Sharkey/-/blob/develop/CONTRIBUTING.md)
+By submitting this issue, you agree to follow our [Contribution Guidelines](https://activitypub.software/TransFem-org/Sharkey/-/blob/develop/CONTRIBUTING.Sharkey.md)
 - [ ] I agree to follow this project's Contribution Guidelines
 - [ ] I have searched the issue tracker for similar issues, and this is not a duplicate.
diff --git a/.gitlab/issue_templates/feature.md b/.gitlab/issue_templates/feature.md
index a77f9335fe..989ba23ba7 100644
--- a/.gitlab/issue_templates/feature.md
+++ b/.gitlab/issue_templates/feature.md
@@ -16,6 +16,6 @@
 <!-- What instance of Sharkey are you using? -->
 
 # **Contribution Guidelines**
-By submitting this issue, you agree to follow our [Contribution Guidelines](https://activitypub.software/TransFem-org/Sharkey/-/blob/develop/CONTRIBUTING.md)
+By submitting this issue, you agree to follow our [Contribution Guidelines](https://activitypub.software/TransFem-org/Sharkey/-/blob/develop/CONTRIBUTING.Sharkey.md)
 - [ ] I agree to follow this project's Contribution Guidelines
 - [ ] I have searched the issue tracker for similar requests, and this is not a duplicate.
diff --git a/.gitlab/merge_request_templates/default.md b/.gitlab/merge_request_templates/default.md
index 389b2c8cbe..a2ef2dc235 100644
--- a/.gitlab/merge_request_templates/default.md
+++ b/.gitlab/merge_request_templates/default.md
@@ -6,7 +6,7 @@
 %{all_commits}
 
 # **Contribution Guidelines**
-By submitting this merge request, you agree to follow our [Contribution Guidelines](https://activitypub.software/TransFem-org/Sharkey/-/blob/develop/CONTRIBUTING.md)
+By submitting this merge request, you agree to follow our [Contribution Guidelines](https://activitypub.software/TransFem-org/Sharkey/-/blob/develop/CONTRIBUTING.Sharkey.md)
 - [ ] I agree to follow this project's Contribution Guidelines
 - [ ] I have made sure to test this merge request