From b2e2ee4d580c94c5344a2d8d719ce167cae88981 Mon Sep 17 00:00:00 2001
From: Dantali0n <info@dantalion.nl>
Date: Fri, 29 Sep 2023 15:00:20 +0200
Subject: [PATCH] Enable security dashboards

---
 .gitlab-ci.yml                               |  5 +++++
 {{cookiecutter.project_slug}}/.gitlab-ci.yml | 22 ++++++++++++++++++++
 2 files changed, 27 insertions(+)

diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index fd45bbf..1650b82 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -19,6 +19,11 @@ default:
     - cookiecutter --no-input --overwrite-if-exists --output-dir . .
     - cd my_awesome_app
 
+# Override semgrep-sast before script
+sast:
+  before_script:
+    - python --version # For debugging
+
 # Override unit test before script
 .run_unit_test_version_base:
   before_script:
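Review bot: The comment on the added block says it overrides `semgrep-sast`, but the key is `sast`, so this `before_script` is merged into every analyzer job that extends `sast` from GitLab's SAST template, not only the semgrep one. `python --version` exits non-zero in any analyzer image without a Python interpreter. The template's analyzer jobs are allowed to fail, so the scan would be skipped while the pipeline stays green and the dashboard shows no findings. Either move the override under `semgrep-sast:` or reword the comment to `# Override before_script for all SAST analyzer jobs` and use a command that exists in every image. The template include is not visible in this hunk, so confirm that `sast` is actually defined for the root pipeline.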
diff --git a/{{cookiecutter.project_slug}}/.gitlab-ci.yml b/{{cookiecutter.project_slug}}/.gitlab-ci.yml
index 1498ae3..1fb825d 100644
--- a/{{cookiecutter.project_slug}}/.gitlab-ci.yml
+++ b/{{cookiecutter.project_slug}}/.gitlab-ci.yml
@@ -20,6 +20,12 @@ variables:
   PIP_CACHE_DIR: "$CI_PROJECT_DIR/.cache/pip"
 
 
+include:
+  - template: Security/SAST.gitlab-ci.yml
+  - template: Security/Dependency-Scanning.gitlab-ci.yml
+  - template: Security/Secret-Detection.gitlab-ci.yml
+
+
 # Prepare image to run ci on
 trigger_prepare:
   stage: prepare
@@ -45,6 +51,22 @@ run_pylint:
     - tox -e pylint
   allow_failure: true
 
+sast:
+  variables:
+    SAST_EXCLUDED_ANALYZERS: brakeman, kubesec, nodejs-scan, phpcs-security-audit,
+      pmd-apex, sobelow, spotbugs
+  stage: test
+
+dependency_scanning:
+  # override default before_script, job won't have Python available
+  before_script:
+    - uname
+
+secret_detection:
+  # override default before_script, job won't have Python available
+  before_script:
+    - uname
+
 # Basic setup for all Python versions for which we don't have a base image
 .run_unit_test_version_base:
   before_script:
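Review bot: The added `sast:` job has no `before_script` override, unlike `dependency_scanning` and `secret_detection` below it, so the SAST analyzer jobs presumably still inherit the project's default `before_script` (not visible in this hunk). If that script needs Python or tox, it fails in the analyzer image. GitLab's template marks analyzer jobs `allow_failure: true`, so the result would be a green pipeline with no SAST report rather than a visible error. The placeholder `- uname` also depends on that binary being present in each scanner image. Setting `inherit:` with `default: false` on all three jobs states the intent directly, though it also drops any other `default:` keys such as `image` or `cache`, so check that the template jobs do not rely on them.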
-- 
GitLab