Skip to content
Snippets Groups Projects
Commit b90666ff authored by Corné Lukken's avatar Corné Lukken
Browse files

Enable security features

parent b7fc6267
No related branches found
No related tags found
3 merge requests!8Convert cookiecutter,!7Expand documentation and enable security dashboards,!6Enable security dashboard
Pipeline #59628 waiting for manual action
Stage: versioning
Stage: prepare
Stage: linting
Stage: build
Stage: test
Stage: pages
Stage: deploy
Show whitespace changes
Inline Side-by-side
Showing
with 21 additions and 1 deletion
.gitlab-ci.yml
+ 21
1
View file @ b90666ff
# Copyright (C) ASTRON (Netherlands Institute for Radio Astronomy) # Copyright (C) ASTRON (Netherlands Institute for Radio Astronomy)
# SPDX-License-Identifier: Apache-2.0 # SPDX-License-Identifier: Apache-2.0
include: .gitlab-ci.common.yml include:
- .gitlab-ci.common.yml
- template: Security/SAST.gitlab-ci.yml
- template: Security/Dependency-Scanning.gitlab-ci.yml
- template: Security/Secret-Detection.gitlab-ci.yml
format: format:
stage: linting stage: linting
...@@ -28,6 +32,22 @@ tidy: ...@@ -28,6 +32,22 @@ tidy:
- cmake -DCMAKE_CXX_CLANG_TIDY=clang-tidy -G Ninja .. - cmake -DCMAKE_CXX_CLANG_TIDY=clang-tidy -G Ninja ..
- ninja - ninja
sast:
variables:
SAST_EXCLUDED_ANALYZERS: brakeman, kubesec, nodejs-scan, phpcs-security-audit,
pmd-apex, sobelow, spotbugs
stage: test
dependency_scanning:
# override default before_script, job won't have Python available
before_script:
- uname
secret_detection:
# override default before_script, job won't have Python available
before_script:
- uname
test: test:
stage: test stage: test
needs: ["versioning", "build-docker-ubuntu-22.04"] needs: ["versioning", "build-docker-ubuntu-22.04"]
......
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Please register or to comment