author | Paul Okstad <pokstad@gitlab.com> | 2020-11-23 19:59:01 +0300 |
---|---|---|
committer | Paul Okstad <pokstad@gitlab.com> | 2020-11-23 19:59:01 +0300 |
commit | fb8b1e2c5d0a9cbda09641d7228f59aeed166698 (patch) | |
tree | 1dc40bb7bd3d27d12465b483f708a1eead5c0914 /.gitlab-ci.yml | |
parent | 4ee9d679e206db71be11ec36cddbfc2ca8ee4965 (diff) | |
parent | 716e4b0273f0c20845fada518b074f1e00a1fd46 (diff) |
Merge branch 'ci-enable-secret-detection' into 'master'
Enable security related CI jobs
See merge request gitlab-org/gitaly!2785
Diffstat (limited to '.gitlab-ci.yml')
-rw-r--r-- | .gitlab-ci.yml | 31 |
1 files changed, 31 insertions, 0 deletions
diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index d48fd12b3..2b9f51898 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -23,6 +23,7 @@ include:
 - template: Security/SAST.gitlab-ci.yml
 - template: Security/Dependency-Scanning.gitlab-ci.yml
 - template: Security/Coverage-Fuzzing.gitlab-ci.yml
+ - template: Security/Secret-Detection.gitlab-ci.yml
 danger-review:
 image: registry.gitlab.com/gitlab-org/gitlab-build-images:danger
@@ -230,14 +231,44 @@ docker-tag:
 gosec-sast:
 before_script:
 - apk add pkgconfig libgit2-dev gcc libc-dev
+ rules:
+ - if: $SAST_DISABLED
+ when: never
+ - if: $CI_COMMIT_BRANCH && $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH
+ - if: $CI_MERGE_REQUEST_IID
+ - if: $CI_COMMIT_TAG
 license_scanning:
 before_script:
 - sudo apt-get update
 - sudo apt-get install -y libicu-dev libgit2-dev cmake
+ rules:
+ - if: $LICENSE_SCANNING_DISABLED
+ when: never
+ - if: $CI_COMMIT_BRANCH && $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH
+ - if: $CI_MERGE_REQUEST_IID
+ - if: $CI_COMMIT_TAG
 variables:
 LICENSE_FINDER_CLI_OPTS: '--aggregate-paths=. ruby'
+gemnasium-dependency_scanning:
+ rules:
+ - if: $DEPENDENCY_SCANNING_DISABLED
+ when: never
+ - if: $CI_COMMIT_BRANCH && $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH
+ - if: $CI_MERGE_REQUEST_IID
+ - if: $CI_COMMIT_TAG
+
+secret_detection:
+ inherit:
+ default: false
+ rules:
+ - if: $SECRET_DETECTION_DISABLED
+ when: never
+ - if: $CI_COMMIT_BRANCH && $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH
+ - if: $CI_MERGE_REQUEST_IID
+ - if: $CI_COMMIT_TAG
+
 praefect_sql_connect:
 <<: *test_definition
 services: |
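Review bot: In the second hunk, each job-level `rules:` list replaces the rules that the included template ships for that job rather than extending them, so any condition the template carried, or gains in a later GitLab release, no longer applies to `gosec-sast`, `license_scanning`, `gemnasium-dependency_scanning` and `secret_detection`. The four lists are identical apart from the `*_DISABLED` variable, and nothing records why the override was needed. A comment above the first one would make the intent reviewable, for example `# Replaces the template's rules so the scan runs on the default branch, merge requests and tags; re-check against the template after GitLab upgrades`. `secret_detection` also sets `inherit: default: false` without explanation, presumably to keep the file's global defaults out of the scanner job, and a one-line comment saying so would help. Because every scanner can be switched off with a single variable through `when: never`, it is worth confirming who is allowed to set CI/CD variables for this project.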