From b90666ffec05e75c093814fde98607d541784f89 Mon Sep 17 00:00:00 2001
From: Dantali0n <info@dantalion.nl>
Date: Fri, 29 Sep 2023 15:25:02 +0200
Subject: [PATCH] Enable security features

---
 .gitlab-ci.yml | 22 +++++++++++++++++++++-
 1 file changed, 21 insertions(+), 1 deletion(-)

diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index 4127f8c..d116b3b 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -1,7 +1,11 @@
 # Copyright (C) ASTRON (Netherlands Institute for Radio Astronomy)
 # SPDX-License-Identifier: Apache-2.0
 
-include: .gitlab-ci.common.yml
+include:
+  - .gitlab-ci.common.yml
+  - template: Security/SAST.gitlab-ci.yml
+  - template: Security/Dependency-Scanning.gitlab-ci.yml
+  - template: Security/Secret-Detection.gitlab-ci.yml
 
 format:
   stage: linting
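Review bot: The three templates added under `include:` define their scanner jobs with `allow_failure: true` and publish findings only as report artifacts, so as written no finding will fail the pipeline or block a merge. If reporting without enforcement is the intent, say so next to the include, e.g. `# scanner jobs report findings only; they do not gate the pipeline`, and agree on who reviews the reports. Secrets committed before this change may not be covered by the default Secret Detection run. A one-off pipeline with `SECRET_DETECTION_HISTORIC_SCAN: "true"` would scan the existing history. As a style point, `- local: .gitlab-ci.common.yml` makes the first entry's type explicit alongside the `template:` entries.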
@@ -28,6 +32,22 @@ tidy:
     - cmake -DCMAKE_CXX_CLANG_TIDY=clang-tidy -G Ninja ..
     - ninja
 
+sast:
+  variables:
+    SAST_EXCLUDED_ANALYZERS: brakeman, kubesec, nodejs-scan, phpcs-security-audit,
+      pmd-apex, sobelow, spotbugs
+  stage: test
+
+dependency_scanning:
+  # override default before_script, job won't have Python available
+  before_script:
+    - uname
+
+secret_detection:
+  # override default before_script, job won't have Python available
+  before_script:
+    - uname
+
 test:
   stage: test
   needs: ["versioning", "build-docker-ubuntu-22.04"]
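Review bot: The `sast:` override leaves the default `before_script` in place, whereas `dependency_scanning` and `secret_detection` below it replace theirs. If that default (defined outside this hunk, presumably in `.gitlab-ci.common.yml`) needs Python, as the added comments say, the analyzer jobs that extend `sast` would inherit it and could fail before scanning. Because the template jobs are `allow_failure: true`, such a failure would not turn the pipeline red, so it is worth confirming that each SAST job actually uploads a report. The `uname` step is only a placeholder; `before_script: []` would state the intent directly, assuming the runner accepts an empty list here. Writing `SAST_EXCLUDED_ANALYZERS` as a single quoted string would also avoid depending on plain-scalar line folding.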
-- 
GitLab