move CI configuration to the end, maybe fix generation errors?
This commit is contained in:
Hazelnoot
parent
c9dcb405c8
commit
3d5b0c1847
1 changed files with 38 additions and 39 deletions
|
|
@ -1,42 +1,3 @@
|
|||
# https://docs.gitlab.com/user/application_security/sast/
|
||||
include:
|
||||
- template: Jobs/Dependency-Scanning.latest.gitlab-ci.yml
|
||||
- template: Jobs/Container-Scanning.latest.gitlab-ci.yml
|
||||
- template: Jobs/SAST.latest.gitlab-ci.yml
|
||||
- template: Jobs/Secret-Detection.latest.gitlab-ci.yml
|
||||
# https://docs.gitlab.com/user/application_security/dependency_scanning/experiment_libbehave_dependency/
|
||||
# https://gitlab.com/gitlab-org/security-products/demos/experiments/libbehave/npm-demo/-/blob/add_dependencies/.gitlab-ci.yml?ref_type=heads#L6
|
||||
# https://stackoverflow.com/a/70360201
|
||||
- component: $CI_SERVER_FQDN/TransFem-org/libbehave/libbehave@v0.1.0
|
||||
rules:
|
||||
- if: $CI_PIPELINE_SOURCE == 'merge_request_event'
|
||||
|
||||
|
||||
variables:
|
||||
# https://docs.gitlab.com/user/application_security/sast/gitlab_advanced_sast
|
||||
GITLAB_ADVANCED_SAST_ENABLED: 'true'
|
||||
|
||||
# https://docs.gitlab.com/user/application_security/sast/#vulnerability-filters
|
||||
# https://stackoverflow.com/a/71111784
|
||||
SAST_EXCLUDED_PATHS: 'spec,test,test-d,test-federation,test-server,tests,tmp,cypress,coverage,node_modules,build,built,built-js,*.min.js,megalodon/lib,libopenmpt'
|
||||
|
||||
# https://docs.gitlab.com/user/application_security/dependency_scanning/migration_guide_to_sbom_based_scans/
|
||||
DS_ENFORCE_NEW_ANALYZER: 'true'
|
||||
DS_MAX_DEPTH: 8
|
||||
# https://docs.gitlab.com/user/application_security/dependency_scanning/static_reachability/
|
||||
DS_STATIC_REACHABILITY_ENABLED: true
|
||||
|
||||
# https://docs.gitlab.com/user/application_security/detect/security_configuration/#use-security-scanning-tools-with-merge-request-pipelines
|
||||
AST_ENABLE_MR_PIPELINES: 'true'
|
||||
|
||||
# https://docs.gitlab.com/user/application_security/container_scanning/#scanning-archives-built-in-a-previous-job
|
||||
# https://docs.gitlab.com/user/application_security/detect/security_configuration/#error-chosen-stage-test-does-not-exist
|
||||
container_scanning:
|
||||
variables:
|
||||
AST_ENABLE_MR_PIPELINES: 'false'
|
||||
CS_IMAGE: ${CI_REGISTRY_IMAGE}:${REGISTRY_PUSH_TAG}
|
||||
stage: deploy
|
||||
|
||||
stages:
|
||||
- test
|
||||
- deploy
|
||||
|
|
@ -176,3 +137,41 @@ merge_image_manifests:
|
|||
- stable
|
||||
- develop
|
||||
- tags
|
||||
|
||||
# https://docs.gitlab.com/user/application_security/sast/
|
||||
include:
|
||||
- template: Jobs/Dependency-Scanning.latest.gitlab-ci.yml
|
||||
- template: Jobs/Container-Scanning.latest.gitlab-ci.yml
|
||||
- template: Jobs/SAST.latest.gitlab-ci.yml
|
||||
- template: Jobs/Secret-Detection.latest.gitlab-ci.yml
|
||||
# https://docs.gitlab.com/user/application_security/dependency_scanning/experiment_libbehave_dependency/
|
||||
# https://gitlab.com/gitlab-org/security-products/demos/experiments/libbehave/npm-demo/-/blob/add_dependencies/.gitlab-ci.yml?ref_type=heads#L6
|
||||
# https://stackoverflow.com/a/70360201
|
||||
- component: $CI_SERVER_FQDN/TransFem-org/libbehave/libbehave@v0.1.0
|
||||
rules:
|
||||
- if: $CI_PIPELINE_SOURCE == 'merge_request_event'
|
||||
|
||||
variables:
|
||||
# https://docs.gitlab.com/user/application_security/sast/gitlab_advanced_sast
|
||||
GITLAB_ADVANCED_SAST_ENABLED: 'true'
|
||||
|
||||
# https://docs.gitlab.com/user/application_security/sast/#vulnerability-filters
|
||||
# https://stackoverflow.com/a/71111784
|
||||
SAST_EXCLUDED_PATHS: 'spec,test,test-d,test-federation,test-server,tests,tmp,cypress,coverage,node_modules,build,built,built-js,*.min.js,megalodon/lib,libopenmpt'
|
||||
|
||||
# https://docs.gitlab.com/user/application_security/dependency_scanning/migration_guide_to_sbom_based_scans/
|
||||
DS_ENFORCE_NEW_ANALYZER: 'true'
|
||||
DS_MAX_DEPTH: 8
|
||||
# https://docs.gitlab.com/user/application_security/dependency_scanning/static_reachability/
|
||||
DS_STATIC_REACHABILITY_ENABLED: true
|
||||
|
||||
# https://docs.gitlab.com/user/application_security/detect/security_configuration/#use-security-scanning-tools-with-merge-request-pipelines
|
||||
AST_ENABLE_MR_PIPELINES: 'true'
|
||||
|
||||
# https://docs.gitlab.com/user/application_security/container_scanning/#scanning-archives-built-in-a-previous-job
|
||||
# https://docs.gitlab.com/user/application_security/detect/security_configuration/#error-chosen-stage-test-does-not-exist
|
||||
container_scanning:
|
||||
variables:
|
||||
AST_ENABLE_MR_PIPELINES: 'false'
|
||||
CS_IMAGE: ${CI_REGISTRY_IMAGE}:${REGISTRY_PUSH_TAG}
|
||||
stage: deploy
|
||||
Loading…
Add table
Add a link
Reference in a new issue