Merge branch 'enable-security-features' into 'main'

Enable security dashboard features See merge request !24

Merge branch 'enable-security-features' into 'main'
2d1ffc66 · Klaas Kliffen · 81437c6a · e95d37c3 · 2d1ffc66 · 2d1ffc66
Commit 2d1ffc66 authored Oct 5, 2023 by Klaas Kliffen
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -15,6 +15,11 @@ default:
    - cd my_awesome_app
    - git init
+# Override semgrep-sast before script
+sast:
+  before_script:
+    - python --version # For debugging
    # Override unit test before script
 .run_unit_test_version_base:
  before_script:

--- a/{{cookiecutter.project_slug}}/.gitlab-ci.yml
+++ b/{{cookiecutter.project_slug}}/.gitlab-ci.yml
@@ -21,6 +21,10 @@ stages:
 variables:
  PIP_CACHE_DIR: "$CI_PROJECT_DIR/.cache/pip"
+include:
+  - template: Security/SAST.gitlab-ci.yml
+  - template: Security/Dependency-Scanning.gitlab-ci.yml
+  - template: Security/Secret-Detection.gitlab-ci.yml
 # Prepare image to run ci on
 trigger_prepare:
@@ -52,6 +56,22 @@ run_pylint:
 #   script:
 #     - echo "build fortran/c/cpp extension source code"
+sast:
+  variables:
+    SAST_EXCLUDED_ANALYZERS: brakeman, flawfinder, kubesec, nodejs-scan, phpcs-security-audit,
+      pmd-apex, security-code-scan, sobelow, spotbugs
+  stage: test
+dependency_scanning:
+  # override default before_script, job won't have Python available
+  before_script:
+    - uname
+secret_detection:
+  # override default before_script, job won't have Python available
+  before_script:
+    - uname
 # Basic setup for all Python versions for which we don't have a base image
 .run_unit_test_version_base:
  before_script: