Configure SAST in .gitlab-ci.yml, creating this file if it does not already exist

This commit is contained in:
Chris 2021-11-14 17:36:34 +00:00
parent 2ed026ba32
commit 93d0586b6d

View file

@ -1,34 +1,41 @@
# You can override the included template(s) by including variable overrides
# SAST customization: https://docs.gitlab.com/ee/user/application_security/sast/#customizing-the-sast-settings
# Secret Detection customization: https://docs.gitlab.com/ee/user/application_security/secret_detection/#customizing-settings
# Dependency Scanning customization: https://docs.gitlab.com/ee/user/application_security/dependency_scanning/#customizing-the-dependency-scanning-settings
# Note that environment variables can be set in several places
# See https://docs.gitlab.com/ee/ci/variables/#cicd-variable-precedence
stages: stages:
- build - build
- test - test
- release - release
variables: variables:
DEBIAN_FRONTEND: 'noninteractive' DEBIAN_FRONTEND: noninteractive
job-build: job-build:
stage: build stage: build
image: ubuntu:rolling image: ubuntu:rolling
script: script:
- sed -Ei 's/^# deb-src /deb-src /' /etc/apt/sources.list - sed -Ei 's/^# deb-src /deb-src /' /etc/apt/sources.list
- apt-get update - apt-get update
- apt-get build-dep -y tint2 - apt-get build-dep -y tint2
- apt-get install -y libgtk-3-dev git - apt-get install -y libgtk-3-dev git
- git clean -ffdx - git clean -ffdx
- mkdir build - mkdir build
- cd build - cd build
- cmake .. - cmake ..
- make -j - make -j
job-release: job-release:
stage: release stage: release
image: registry.gitlab.com/gitlab-org/release-cli:latest image: registry.gitlab.com/gitlab-org/release-cli:latest
rules: rules:
- if: $CI_COMMIT_TAG =~ /^v.*/ - if: "$CI_COMMIT_TAG =~ /^v.*/"
script: script:
- echo 'running release_job' - echo 'running release_job'
release: release:
name: 'Release $CI_COMMIT_TAG' name: Release $CI_COMMIT_TAG
description: 'Release $CI_COMMIT_TAG / $CI_COMMIT_SHA' description: Release $CI_COMMIT_TAG / $CI_COMMIT_SHA
tag_name: '$CI_COMMIT_TAG' tag_name: "$CI_COMMIT_TAG"
ref: '$CI_COMMIT_SHA' ref: "$CI_COMMIT_SHA"
sast:
stage: test
include:
- template: Security/SAST.gitlab-ci.yml