Add SAST to the build pipeline
This commit is contained in:
parent
99ece47925
commit
8f7aa09763
1 changed files with 31 additions and 0 deletions
|
|
@ -1,5 +1,6 @@
|
|||
stages:
|
||||
- build
|
||||
- security
|
||||
- ops
|
||||
- deploy
|
||||
|
||||
|
|
@ -20,6 +21,36 @@ build:
|
|||
- dotnet test Tests
|
||||
- dotnet publish --version-suffix ${CI_COMMIT_SHA:0:8} --configuration Release -o Binaries ./
|
||||
|
||||
sast:
|
||||
stage: security
|
||||
image: docker:stable
|
||||
variables:
|
||||
DOCKER_DRIVER: overlay2
|
||||
allow_failure: true
|
||||
services:
|
||||
- docker:stable-dind
|
||||
script:
|
||||
- export SAST_VERSION=${SP_VERSION:-$(echo "$CI_SERVER_VERSION" | sed 's/^\([0-9]*\)\.\([0-9]*\).*/\1-\2-stable/')}
|
||||
- |
|
||||
docker run \
|
||||
--env SAST_ANALYZER_IMAGES \
|
||||
--env SAST_ANALYZER_IMAGE_PREFIX \
|
||||
--env SAST_ANALYZER_IMAGE_TAG \
|
||||
--env SAST_DEFAULT_ANALYZERS \
|
||||
--env SAST_BRAKEMAN_LEVEL \
|
||||
--env SAST_GOSEC_LEVEL \
|
||||
--env SAST_FLAWFINDER_LEVEL \
|
||||
--env SAST_DOCKER_CLIENT_NEGOTIATION_TIMEOUT \
|
||||
--env SAST_PULL_ANALYZER_IMAGE_TIMEOUT \
|
||||
--env SAST_RUN_ANALYZER_TIMEOUT \
|
||||
--volume "$PWD:/code" \
|
||||
--volume /var/run/docker.sock:/var/run/docker.sock \
|
||||
"registry.gitlab.com/gitlab-org/security-products/sast:$SAST_VERSION" /app/bin/run /code
|
||||
dependencies: []
|
||||
artifacts:
|
||||
reports:
|
||||
sast: gl-sast-report.json
|
||||
|
||||
sentry:
|
||||
stage: ops
|
||||
image: getsentry/sentry-cli
|
||||
|
|
|
|||
Loading…
Reference in a new issue