From b90666ffec05e75c093814fde98607d541784f89 Mon Sep 17 00:00:00 2001
From: Dantali0n <info@dantalion.nl>
Date: Fri, 29 Sep 2023 15:25:02 +0200
Subject: [PATCH] Enable security features
---
 .gitlab-ci.yml | 22 +++++++++++++++++++++-
 1 file changed, 21 insertions(+), 1 deletion(-)
diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index 4127f8c..d116b3b 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -1,7 +1,11 @@
 # Copyright (C) ASTRON (Netherlands Institute for Radio Astronomy)
 # SPDX-License-Identifier: Apache-2.0
-include: .gitlab-ci.common.yml
+include:
+ - .gitlab-ci.common.yml
+ - template: Security/SAST.gitlab-ci.yml
+ - template: Security/Dependency-Scanning.gitlab-ci.yml
+ - template: Security/Secret-Detection.gitlab-ci.yml
 format:
 stage: linting
@@ -28,6 +32,22 @@ tidy:
 - cmake -DCMAKE_CXX_CLANG_TIDY=clang-tidy -G Ninja ..
 - ninja
+sast:
+ variables:
+ SAST_EXCLUDED_ANALYZERS: brakeman, kubesec, nodejs-scan, phpcs-security-audit,
+ pmd-apex, sobelow, spotbugs
+ stage: test
+
+dependency_scanning:
+ # override default before_script, job won't have Python available
+ before_script:
+ - uname
+
+secret_detection:
+ # override default before_script, job won't have Python available
+ before_script:
+ - uname
+
 test:
 stage: test
 needs: ["versioning", "build-docker-ubuntu-22.04"]
-- 
GitLab
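Review bot: The three `template:` entries added under `include:` bring in scanner jobs that, as far as I know, GitLab's stock templates define with `allow_failure: true`, so a finding or a crashed analyzer still leaves the pipeline green. Nothing in this patch consumes the reports, so it is worth recording next to the include how results are meant to be reviewed, for example `# scanner jobs only publish reports; findings are triaged via <review process placeholder>`. As a point of style, the first entry could be written `- local: .gitlab-ci.common.yml` so that every item in the list names its include type.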
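Review bot: `sast` is the only one of the three overridden jobs that keeps the default `before_script`; `dependency_scanning` and `secret_detection` replace it because, per the added comments, it needs Python. If an analyzer image still enabled after `SAST_EXCLUDED_ANALYZERS` also lacks what that script expects, the job would fail before scanning, and with the templates' default failure tolerance that loss of coverage is easy to miss. Either give `sast` the same override or document why it is unnecessary, e.g. `# default before_script works in the remaining SAST analyzer images`. The `- uname` no-op could presumably be written `before_script: []`, which states the intent directly. The `tidy:` and `test:` jobs at the hunk edges continue outside the hunk.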