authorRémy Coutable <remy@rymai.me>2018-04-11 13:10:13 +0000
committerRémy Coutable <remy@rymai.me>2018-04-11 13:10:13 +0000
commitaa1a39a927b2810c07d23920d5035c6143d8c9cc (patch)
tree70cd8170945c32c6c27b25e26cbda1c71ee3c181
parent3a83767f650f996ef37382a21d05d8ed99873aa1 (diff)
parentce62ef0a68dd57d04377cb8231a294aaa9b278a0 (diff)
Merge branch 'setup_security_products' into 'master'
Setup security products. See merge request gitlab-org/gitlab-shell!201
-rw-r--r--.gitlab-ci.yml56
1 files changed, 45 insertions, 11 deletions
diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index c72d00b..7759390 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -15,7 +15,7 @@ rspec:
- tags
rubocop:
- script:
+ script:
- bundle exec rubocop
tags:
- ruby
@@ -57,23 +57,57 @@ go:1.8:
<<: *go_definition
image: golang:1.8
-codeclimate:
- before_script: []
- image: docker:latest
+codequality:
+ image: docker:stable
variables:
- DOCKER_DRIVER: overlay
+ DOCKER_DRIVER: overlay2
+ allow_failure: true
services:
- - docker:dind
+ - docker:stable-dind
+ before_script: []
script:
- - docker pull codeclimate/codeclimate
- - docker run --env CODECLIMATE_CODE="$PWD" --volume "$PWD":/code --volume /var/run/docker.sock:/var/run/docker.sock --volume /tmp/cc:/tmp/cc codeclimate/codeclimate analyze -f json > codeclimate.json
+ - export SP_VERSION=$(echo "$CI_SERVER_VERSION" | sed 's/^\([0-9]*\)\.\([0-9]*\).*/\1-\2-stable/')
+ - docker run
+ --env SOURCE_CODE="$PWD"
+ --volume "$PWD":/code
+ --volume /var/run/docker.sock:/var/run/docker.sock
+ "registry.gitlab.com/gitlab-org/security-products/codequality:$SP_VERSION" /code
artifacts:
paths: [codeclimate.json]
+
sast:
+ image: docker:stable
+ variables:
+ DOCKER_DRIVER: overlay2
+ allow_failure: true
+ services:
+ - docker:stable-dind
+ before_script: []
+ script:
+ - export SP_VERSION=$(echo "$CI_SERVER_VERSION" | sed 's/^\([0-9]*\)\.\([0-9]*\).*/\1-\2-stable/')
+ - docker run
+ --env SAST_CONFIDENCE_LEVEL="${SAST_CONFIDENCE_LEVEL:-3}"
+ --volume "$PWD:/code"
+ --volume /var/run/docker.sock:/var/run/docker.sock
+ "registry.gitlab.com/gitlab-org/security-products/sast:$SP_VERSION" /app/bin/run /code
+ artifacts:
+ paths: [gl-sast-report.json]
+
+dependency_scanning:
+ image: docker:stable
+ variables:
+ DOCKER_DRIVER: overlay2
+ allow_failure: true
+ services:
+ - docker:stable-dind
before_script: []
- image: registry.gitlab.com/gitlab-org/gl-sast:latest
script:
- - /app/bin/run .
+ - export SP_VERSION=$(echo "$CI_SERVER_VERSION" | sed 's/^\([0-9]*\)\.\([0-9]*\).*/\1-\2-stable/')
+ - docker run
+ --env DEP_SCAN_DISABLE_REMOTE_CHECKS="${DEP_SCAN_DISABLE_REMOTE_CHECKS:-false}"
+ --volume "$PWD:/code"
+ --volume /var/run/docker.sock:/var/run/docker.sock
+ "registry.gitlab.com/gitlab-org/security-products/dependency-scanning:$SP_VERSION" /code
artifacts:
- paths: [gl-sast-report.json]
\ No newline at end of file
+ paths: [gl-dependency-scanning-report.json]
\ No newline at end of file
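Review bot: The three new `docker run` steps (codequality, sast, dependency_scanning) bind-mount `/var/run/docker.sock` into an image whose tag is computed at run time from `$CI_SERVER_VERSION`, so code that this repository does not pin is given the Docker API of the daemon running the job (presumably the `docker:stable-dind` service). The resulting `N-N-stable` tags are mutable, as are `docker:stable` and `docker:stable-dind`; pinning the scanner images by digest, e.g. `"registry.gitlab.com/gitlab-org/security-products/sast@sha256:<digest-placeholder>"`, would fix what runs with that access, and failing that a comment above each mount such as `# scanner controls the Docker daemon through this socket; the image must be trusted` would record the trust decision. Separately, `allow_failure: true` on all three jobs means a failed image pull or a scanner crash surfaces only as a warning, and if `$CI_SERVER_VERSION` does not match the sed pattern the string passes through unchanged into the tag. Printing the resolved tag first (`- echo "security-products tag: $SP_VERSION"`) would make such a failure diagnosable from the job log.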