diff --git a/{{cookiecutter.project_slug}}/.gitlab-ci.yml b/{{cookiecutter.project_slug}}/.gitlab-ci.yml
index 6e41df262ba9bd8bf503348f2bd4488f00444e3e..49fdfb6779ba8c31379d05f9c45bbc09999db33c 100644
--- a/{{cookiecutter.project_slug}}/.gitlab-ci.yml
+++ b/{{cookiecutter.project_slug}}/.gitlab-ci.yml
@@ -21,6 +21,10 @@ stages:
 variables:
   PIP_CACHE_DIR: "$CI_PROJECT_DIR/.cache/pip"
 
+include:
+  - template: Security/SAST.gitlab-ci.yml
+  - template: Security/Dependency-Scanning.gitlab-ci.yml
+  - template: Security/Secret-Detection.gitlab-ci.yml
 
 # Prepare image to run ci on
 trigger_prepare:
@@ -52,6 +56,22 @@ run_pylint:
 #   script:
 #     - echo "build fortran/c/cpp extension source code"
 
+sast:
+  variables:
+    SAST_EXCLUDED_ANALYZERS: brakeman, flawfinder, kubesec, nodejs-scan, phpcs-security-audit,
+      pmd-apex, security-code-scan, sobelow, spotbugs
+  stage: test
+
+dependency_scanning:
+  # override default before_script, job won't have Python available
+  before_script:
+    - uname
+
+secret_detection:
+  # override default before_script, job won't have Python available
+  before_script:
+    - uname
+
 # Basic setup for all Python versions for which we don't have a base image
 .run_unit_test_version_base:
   before_script:
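Review bot: Including the three `Security/*.gitlab-ci.yml` templates adds scanning but, as far as I recall, every analyzer job in those templates carries `allow_failure: true`, so findings land in the job artifacts and merge-request widget and never fail the pipeline; if the intent is to gate merges on them, that needs to be said in a comment or enforced elsewhere, e.g. `# NOTE: scan jobs are allow_failure: true by default — findings do not block the pipeline`. Secret Detection on a branch scans only the commits in the push, not the repository history, so a one-off run with `SECRET_DETECTION_HISTORIC_SCAN: "true"` is worth doing once when this template is first rolled out. The templates' jobs default to `stage: test`; the `stages:` list this hunk's header refers to is outside the hunk, so I cannot confirm `test` is declared there, although the `sast: stage: test` override in the later hunk suggests it is.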
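Review bot: The `dependency_scanning` and `secret_detection` overrides use `- uname` as a placeholder command to defeat the inherited `before_script`, which spends a step on a command that does nothing and reads as if the output mattered; GitLab lets a job clear an inherited `before_script` with an empty list, so `before_script: []` in both jobs expresses the intent directly and the comment can shrink to `# clear the inherited before_script (no Python in the analyzer image)`. The `SAST_EXCLUDED_ANALYZERS` value is a plain scalar continued onto a second line, which YAML folds into one string with a single space at the break; that works with GitLab's comma-separated parsing but is easy to misread as two values, so quoting it as one string (or using `>-`) would make the list unambiguous. Whether the `sast:` job-level `variables:` reach the per-analyzer jobs depends on the included template's `extends` chain, which is outside this hunk.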