diff options
Diffstat (limited to '.gitlab/ci_templates')
| -rw-r--r-- | .gitlab/ci_templates/container_scanning.yml | 20 | ||||
| -rw-r--r-- | .gitlab/ci_templates/dependency_scanning.yml | 14 | ||||
| -rw-r--r-- | .gitlab/ci_templates/lib_behave.yml | 20 | ||||
| -rw-r--r-- | .gitlab/ci_templates/sast.yml | 17 | ||||
| -rw-r--r-- | .gitlab/ci_templates/secret_detection.yml | 14 |
5 files changed, 85 insertions, 0 deletions
diff --git a/.gitlab/ci_templates/container_scanning.yml b/.gitlab/ci_templates/container_scanning.yml new file mode 100644 index 0000000000..19231ba4dc --- /dev/null +++ b/.gitlab/ci_templates/container_scanning.yml @@ -0,0 +1,20 @@ +# https://docs.gitlab.com/user/application_security/sast/ +include: + - template: Jobs/Container-Scanning.latest.gitlab-ci.yml + +# https://docs.gitlab.com/user/application_security/container_scanning/#scanning-archives-built-in-a-previous-job +# https://docs.gitlab.com/user/application_security/detect/security_configuration/#error-chosen-stage-test-does-not-exist +container_scanning: + stage: deploy + + # SAST tools only support x64 + tags: + - amd64 + + variables: + AST_ENABLE_MR_PIPELINES: 'false' + CS_IMAGE: "${CI_REGISTRY_IMAGE}:${REGISTRY_PUSH_TAG}" + + needs: + - job: merge_image_manifests + artifacts: true diff --git a/.gitlab/ci_templates/dependency_scanning.yml b/.gitlab/ci_templates/dependency_scanning.yml new file mode 100644 index 0000000000..5f9deaab6b --- /dev/null +++ b/.gitlab/ci_templates/dependency_scanning.yml @@ -0,0 +1,14 @@ +# https://docs.gitlab.com/user/application_security/sast/ +include: + - template: Jobs/Dependency-Scanning.latest.gitlab-ci.yml + +dependency-scanning: + stage: test + + # SAST tools only support x64 + tags: + - amd64 + + # Don't wait, since this has no dependencies. + # https://docs.gitlab.com/ci/yaml/#needs + needs: [] diff --git a/.gitlab/ci_templates/lib_behave.yml b/.gitlab/ci_templates/lib_behave.yml new file mode 100644 index 0000000000..ecec0a4586 --- /dev/null +++ b/.gitlab/ci_templates/lib_behave.yml @@ -0,0 +1,20 @@ +# https://docs.gitlab.com/user/application_security/sast/ +include: + # https://docs.gitlab.com/user/application_security/dependency_scanning/experiment_libbehave_dependency/ + - component: $CI_SERVER_FQDN/TransFem-org/libbehave/libbehave@v0.4.0 + inputs: + include-lang: 'js' + stage: test + + +.libbehave-experiment: + # SAST tools only support x64 + tags: + - amd64 + + # Don't wait, since this has no dependencies. + # https://docs.gitlab.com/ci/yaml/#needs + needs: [] + + # Gitlab issue currently causes error when upload final artifacts + allow_failure: true diff --git a/.gitlab/ci_templates/sast.yml b/.gitlab/ci_templates/sast.yml new file mode 100644 index 0000000000..204df7183c --- /dev/null +++ b/.gitlab/ci_templates/sast.yml @@ -0,0 +1,17 @@ +# https://docs.gitlab.com/user/application_security/sast/ +include: + - template: Jobs/SAST.latest.gitlab-ci.yml + +sast: &sast + stage: test + + # SAST tools only support x64 + tags: + - amd64 + + # Don't wait, since this has no dependencies. + # https://docs.gitlab.com/ci/yaml/#needs + needs: [] + +gitlab-advanced-sast: + <<: *sast diff --git a/.gitlab/ci_templates/secret_detection.yml b/.gitlab/ci_templates/secret_detection.yml new file mode 100644 index 0000000000..f78e092bf6 --- /dev/null +++ b/.gitlab/ci_templates/secret_detection.yml @@ -0,0 +1,14 @@ +# https://docs.gitlab.com/user/application_security/sast/ +include: + - template: Jobs/Secret-Detection.latest.gitlab-ci.yml + +secret_detection: + stage: test + + # SAST tools only support x64 + tags: + - amd64 + + # Don't wait, since this has no dependencies. + # https://docs.gitlab.com/ci/yaml/#needs + needs: [] |