Configure SAST in `.gitlab-ci.yml`, creating this file if it does not already exist

3 years ago · a95ec6b3d2
parent aa4cb3f9a8
commit a95ec6b3d2
1 changed files with 26 additions and 55 deletions
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@ -1,75 +1,46 @@
-# This file is a template, and might need editing before it works on your project.
+# You can override the included template(s) by including variable overrides
-# Official language image. Look for the different tagged releases at:
+# SAST customization: https://docs.gitlab.com/ee/user/application_security/sast/#customizing-the-sast-settings
-# https://hub.docker.com/r/library/python/tags/
+# Secret Detection customization: https://docs.gitlab.com/ee/user/application_security/secret_detection/#customizing-settings
 # Note that environment variables can be set in several places
 # See https://docs.gitlab.com/ee/ci/variables/#priority-of-environment-variables
 image: python:3.9.6
 stages:
 - test
 - run
 - package
 # Change pip's cache directory to be inside the project directory since we can
 # only cache local items.
 variables:
  PIP_CACHE_DIR: "$CI_PROJECT_DIR/.cache/pip"
 # Pip's cache doesn't store the python packages
 # https://pip.pypa.io/en/stable/reference/pip_install/#caching
 #
 # If you want to also cache the installed packages, you have to install
 # them in a virtualenv and cache it as well.
 cache:
  paths:
-    - .cache/pip
+  - ".cache/pip"
-    - venv/
+  - venv/
 #before_script:
 #  - python -V  # Print out python version for debugging
 #  - pip install virtualenv
 #  - virtualenv venv
 #  - source venv/bin/activate
 #  - pip install -r requirements.txt
 test:
  stage: test
  script:
-      - echo "TEST"
+  - echo "TEST"
    # - python setup.py test
    # - pip install tox flake8  # you can also use tox
    # - tox -e py36,flake8
 run:
  stage: run
  script:
-    - python -V  # Print out python version for debugging
+  - python -V
-    - pip install virtualenv
+  - pip install virtualenv
-    - virtualenv venv
+  - virtualenv venv
-    - source venv/bin/activate
+  - source venv/bin/activate
-    - pip install -r requirements.txt
+  - pip install -r requirements.txt
-    - python test.py
+  - python test.py
 docker:
  tags:
-    - shell
+  - shell
  stage: package
  only:
-    - master
+  - master
  script:
-    - echo "package docker"
+  - echo "package docker"
-    - docker info
+  - docker info
-    - docker login -u echo0821 -p Lkq2mapp565688 registry.hub.docker.com
+  - docker login -u echo0821 -p Lkq2mapp565688 registry.hub.docker.com
-    - docker build -t registry.hub.docker.com/echo0821/web-methodology:latest .
+  - docker build -t registry.hub.docker.com/echo0821/web-methodology:latest .
-    - docker push registry.hub.docker.com/echo0821/web-methodology:latest
+  - docker push registry.hub.docker.com/echo0821/web-methodology:latest
-    - docker rmi registry.hub.docker.com/echo0821/web-methodology
+  - docker rmi registry.hub.docker.com/echo0821/web-methodology
-#    - docker tag registry.hub.docker.com/echo0821/web-project:latest registry.heroku.com/comp3019j-web-dev/web
+sast:
-#    - docker push registry.heroku.com/comp3019j-web-dev/web
+  stage: test
-
+include:
-# pages:
+- template: Security/SAST.gitlab-ci.yml
 #   script:
 #     - pip install sphinx sphinx-rtd-theme
 #     - cd doc ; make html
 #     - mv build/html/ ../public/
 #   artifacts:
 #     paths:
 #       - public
 #   rules:
 #     - if: $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH