From 86f4f7efb92fc6d8c3c0524833bb7b5e28e18459 Mon Sep 17 00:00:00 2001 From: Madawa Soysa Date: Thu, 5 Sep 2019 06:04:03 +0000 Subject: [PATCH] Security scan --- .gitlab-ci.yml | 105 ++++++++++++++++++++++++++++++++++++++++++++----- 1 file changed, 96 insertions(+), 9 deletions(-) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 8c19854ef2..87228b4b69 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml 
@@ -9,19 +9,106 @@ cache: - .m2/repository/ - target/ -build: - stage: build - script: - - mvn $MAVEN_CLI_OPTS clean install -Dmaven.test.skip=true +# build: +# stage: build +# script: +# - mvn $MAVEN_CLI_OPTS clean install -Dmaven.test.skip=true -test: - stage: test - script: - - mvn $MAVEN_CLI_OPTS test +# test: +# stage: test +# script: +# - mvn $MAVEN_CLI_OPTS test + +include: + template: Dependency-Scanning.gitlab-ci.yml + +dependency_scanning: + variables: + DS_ANALYZER_IMAGES: "registry.gitlab.com/madawa/gemnasium-maven" + DS_RUN_ANALYZER_TIMEOUT: 3h + DS_DEFAULT_ANALYZERS: "" + only: + refs: + - security-scan + +# sast: +# stage: test +# image: docker:stable +# variables: +# DOCKER_DRIVER: overlay2 +# DOCKER_TLS_CERTDIR: "" +# MAVEN_CLI_OPTS: "-s /tmp/app/.m2/settings.xml --batch-mode" +# SAST_RUN_ANALYZER_TIMEOUT: 3h +# MAVEN_REPO_PATH: "/tmp/app/.m2/repository" +# SAST_DEFAULT_ANALYZERS: "spotbugs" +# MAVEN_OPTS: "-Dorg.slf4j.simpleLogger.log.org.apache.maven.cli.transfer.Slf4jMavenTransferListener=warn" +# allow_failure: false +# services: +# - docker:stable-dind +# script: +# - export SAST_VERSION=${SP_VERSION:-$(echo "$CI_SERVER_VERSION" | sed 's/^\([0-9]*\)\.\([0-9]*\).*/\1-\2-stable/')} +# - | +# if ! 
docker info &>/dev/null; then +# if [ -z "$DOCKER_HOST" -a "$KUBERNETES_PORT" ]; then +# export DOCKER_HOST='tcp://localhost:2375' +# fi +# fi +# - | +# function propagate_env_vars() { +# CURRENT_ENV=$(printenv) + +# for VAR_NAME; do +# echo $CURRENT_ENV | grep "${VAR_NAME}=" > /dev/null && echo "--env $VAR_NAME " +# done +# } +# - | +# docker run \ +# $(propagate_env_vars \ +# SAST_BANDIT_EXCLUDED_PATHS \ +# SAST_ANALYZER_IMAGES \ +# SAST_ANALYZER_IMAGE_PREFIX \ +# SAST_ANALYZER_IMAGE_TAG \ +# SAST_DEFAULT_ANALYZERS \ +# SAST_PULL_ANALYZER_IMAGES \ +# SAST_BRAKEMAN_LEVEL \ +# SAST_FLAWFINDER_LEVEL \ +# SAST_GITLEAKS_ENTROPY_LEVEL \ +# SAST_GOSEC_LEVEL \ +# SAST_EXCLUDED_PATHS \ +# SAST_DOCKER_CLIENT_NEGOTIATION_TIMEOUT \ +# SAST_PULL_ANALYZER_IMAGE_TIMEOUT \ +# SAST_RUN_ANALYZER_TIMEOUT \ +# SAST_JAVA_VERSION \ +# ANT_HOME \ +# ANT_PATH \ +# GRADLE_PATH \ +# JAVA_OPTS \ +# JAVA_PATH \ +# JAVA_8_VERSION \ +# JAVA_11_VERSION \ +# MAVEN_CLI_OPTS \ +# MAVEN_OPTS \ +# MAVEN_PATH \ +# MAVEN_REPO_PATH \ +# SBT_PATH \ +# FAIL_NEVER \ +# ) \ +# --volume "$PWD:/code" \ +# --volume /var/run/docker.sock:/var/run/docker.sock \ +# "registry.gitlab.com/gitlab-org/security-products/sast:$SAST_VERSION" /app/bin/run /code +# artifacts: +# reports: +# sast: gl-sast-report.json +# paths: +# - gl-sast-report.json +# dependencies: [] +# only: +# refs: +# - security-scan deploy: stage: deploy script: - mvn $MAVEN_CLI_OPTS deploy -Dmaven.test.skip=true only: - - master@entgra/carbon-device-mgt \ No newline at end of file + - master@entgra/carbon-device-mgt
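Review bot: The analyzer image set in `DS_ANALYZER_IMAGES` is pulled from a personal namespace (`registry.gitlab.com/madawa/gemnasium-maven`) with no tag or digest, so whatever that account pushes as `latest` runs with the repository checked out inside it; pin it, e.g. `DS_ANALYZER_IMAGES: "registry.gitlab.com/madawa/gemnasium-maven:<pinned tag or @sha256 digest>"`, and add a comment stating why the official gemnasium-maven analyzer is not used. `DS_DEFAULT_ANALYZERS: ""` together with `only: refs: - security-scan` means no default analyzer runs and the job never runs on master or merge requests, so its findings gate nothing — if that is deliberate, say so in a comment next to the `only:` block; otherwise drop the restriction. Commenting out `build` and `test` leaves `deploy` (which itself passes `-Dmaven.test.skip=true`) as the only active job, so no tests run anywhere in the pipeline; restoring `test` rather than commenting it out seems preferable. The roughly 80-line commented-out `sast` job is dead configuration; if it is kept for later, a comment should note that it mounts `/var/run/docker.sock` and sets `DOCKER_TLS_CERTDIR: ""` with `tcp://localhost:2375`, which hands the scanner container control of the runner's Docker daemon over an unencrypted channel, before anyone re-enables it.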