From 86f4f7efb92fc6d8c3c0524833bb7b5e28e18459 Mon Sep 17 00:00:00 2001 From: Madawa Soysa Date: Thu, 5 Sep 2019 06:04:03 +0000 Subject: [PATCH] Security scan --- .gitlab-ci.yml | 105 ++++++++++++++++++++++++++++++++++++++++++++----- 1 file changed, 96 insertions(+), 9 deletions(-) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 8c19854ef2b..87228b4b696 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -9,19 +9,106 @@ cache: - .m2/repository/ - target/ -build: - stage: build - script: - - mvn $MAVEN_CLI_OPTS clean install -Dmaven.test.skip=true +# build: +# stage: build +# script: +# - mvn $MAVEN_CLI_OPTS clean install -Dmaven.test.skip=true -test: - stage: test - script: - - mvn $MAVEN_CLI_OPTS test +# test: +# stage: test +# script: +# - mvn $MAVEN_CLI_OPTS test + +include: + template: Dependency-Scanning.gitlab-ci.yml + +dependency_scanning: + variables: + DS_ANALYZER_IMAGES: "registry.gitlab.com/madawa/gemnasium-maven" + DS_RUN_ANALYZER_TIMEOUT: 3h + DS_DEFAULT_ANALYZERS: "" + only: + refs: + - security-scan + +# sast: +# stage: test +# image: docker:stable +# variables: +# DOCKER_DRIVER: overlay2 +# DOCKER_TLS_CERTDIR: "" +# MAVEN_CLI_OPTS: "-s /tmp/app/.m2/settings.xml --batch-mode" +# SAST_RUN_ANALYZER_TIMEOUT: 3h +# MAVEN_REPO_PATH: "/tmp/app/.m2/repository" +# SAST_DEFAULT_ANALYZERS: "spotbugs" +# MAVEN_OPTS: "-Dorg.slf4j.simpleLogger.log.org.apache.maven.cli.transfer.Slf4jMavenTransferListener=warn" +# allow_failure: false +# services: +# - docker:stable-dind +# script: +# - export SAST_VERSION=${SP_VERSION:-$(echo "$CI_SERVER_VERSION" | sed 's/^\([0-9]*\)\.\([0-9]*\).*/\1-\2-stable/')} +# - | +# if ! docker info &>/dev/null; then +# if [ -z "$DOCKER_HOST" -a "$KUBERNETES_PORT" ]; then +# export DOCKER_HOST='tcp://localhost:2375' +# fi +# fi +# - | +# function propagate_env_vars() { +# CURRENT_ENV=$(printenv) + +# for VAR_NAME; do +# echo $CURRENT_ENV | grep "${VAR_NAME}=" > /dev/null && echo "--env $VAR_NAME " +# done +# } +# - | +# docker run \ +# $(propagate_env_vars \ +# SAST_BANDIT_EXCLUDED_PATHS \ +# SAST_ANALYZER_IMAGES \ +# SAST_ANALYZER_IMAGE_PREFIX \ +# SAST_ANALYZER_IMAGE_TAG \ +# SAST_DEFAULT_ANALYZERS \ +# SAST_PULL_ANALYZER_IMAGES \ +# SAST_BRAKEMAN_LEVEL \ +# SAST_FLAWFINDER_LEVEL \ +# SAST_GITLEAKS_ENTROPY_LEVEL \ +# SAST_GOSEC_LEVEL \ +# SAST_EXCLUDED_PATHS \ +# SAST_DOCKER_CLIENT_NEGOTIATION_TIMEOUT \ +# SAST_PULL_ANALYZER_IMAGE_TIMEOUT \ +# SAST_RUN_ANALYZER_TIMEOUT \ +# SAST_JAVA_VERSION \ +# ANT_HOME \ +# ANT_PATH \ +# GRADLE_PATH \ +# JAVA_OPTS \ +# JAVA_PATH \ +# JAVA_8_VERSION \ +# JAVA_11_VERSION \ +# MAVEN_CLI_OPTS \ +# MAVEN_OPTS \ +# MAVEN_PATH \ +# MAVEN_REPO_PATH \ +# SBT_PATH \ +# FAIL_NEVER \ +# ) \ +# --volume "$PWD:/code" \ +# --volume /var/run/docker.sock:/var/run/docker.sock \ +# "registry.gitlab.com/gitlab-org/security-products/sast:$SAST_VERSION" /app/bin/run /code +# artifacts: +# reports: +# sast: gl-sast-report.json +# paths: +# - gl-sast-report.json +# dependencies: [] +# only: +# refs: +# - security-scan deploy: stage: deploy script: - mvn $MAVEN_CLI_OPTS deploy -Dmaven.test.skip=true only: - - master@entgra/carbon-device-mgt \ No newline at end of file + - master@entgra/carbon-device-mgt