diff options
| author | GitLab Bot <gitlab-bot@gitlab.com> | 2022-05-17 03:08:52 +0300 |
|---|---|---|
| committer | GitLab Bot <gitlab-bot@gitlab.com> | 2022-05-17 03:08:52 +0300 |
| commit | 159a7788ca18140da04e24c45ab557da99864789 (patch) | |
| tree | 929bc82d0fbdd8fdcd6b522bc1e1f9bcb71db3a8 /.gitlab | |
| parent | cffe2c2c348d86d67298fa6516d49c36d696ab2d (diff) | |
Add latest changes from gitlab-org/gitlab@master
Diffstat (limited to '.gitlab')
| -rw-r--r-- | .gitlab/ci/reports.gitlab-ci.yml | 5 | ||||
| -rw-r--r-- | .gitlab/ci/rules.gitlab-ci.yml | 8 |
2 files changed, 10 insertions, 3 deletions
diff --git a/.gitlab/ci/reports.gitlab-ci.yml b/.gitlab/ci/reports.gitlab-ci.yml index e74831a08f0..107f37ed47d 100644 --- a/.gitlab/ci/reports.gitlab-ci.yml +++ b/.gitlab/ci/reports.gitlab-ci.yml @@ -82,9 +82,8 @@ secret_detection: expire_in: 1 week # GitLab-specific gemnasium-dependency_scanning: - before_script: - # git-lfs is needed for auto-remediation - - apk add git-lfs + variables: + DS_REMEDIATE: "false" rules: !reference [".reports:rules:gemnasium-dependency_scanning", rules] gemnasium-python-dependency_scanning: diff --git a/.gitlab/ci/rules.gitlab-ci.yml b/.gitlab/ci/rules.gitlab-ci.yml index 7fd7a02873d..37593ffd2fc 100644 --- a/.gitlab/ci/rules.gitlab-ci.yml +++ b/.gitlab/ci/rules.gitlab-ci.yml @@ -1495,24 +1495,32 @@ rules: - if: '$SECRET_DETECTION_DISABLED' when: never + # Scan each commit on master to feed the Vulnerability Reports with detected secrets + - <<: *if-default-branch-refs - changes: *code-backstage-qa-patterns .reports:rules:gemnasium-dependency_scanning: rules: - if: '$DEPENDENCY_SCANNING_DISABLED || $GITLAB_FEATURES !~ /\bdependency_scanning\b/ || $DS_EXCLUDED_ANALYZERS =~ /gemnasium([^-]|$)/' when: never + # Run Dependency Scanning on master until https://gitlab.com/gitlab-org/gitlab/-/issues/361657 is resolved + - <<: *if-default-branch-refs - changes: *dependency-patterns .reports:rules:gemnasium-python-dependency_scanning: rules: - if: '$DEPENDENCY_SCANNING_DISABLED || $GITLAB_FEATURES !~ /\bdependency_scanning\b/ || $DS_EXCLUDED_ANALYZERS =~ /gemnasium-python/' when: never + # Run Dependency Scanning on master until https://gitlab.com/gitlab-org/gitlab/-/issues/361657 is resolved + - <<: *if-default-branch-refs - changes: *python-patterns .reports:rules:yarn-audit-dependency_scanning: rules: - if: '$DEPENDENCY_SCANNING_DISABLED || $GITLAB_FEATURES !~ /\bdependency_scanning\b/' when: never + # Run Dependency Scanning on master until https://gitlab.com/gitlab-org/gitlab/-/issues/361657 is resolved + - <<: *if-default-branch-refs - changes: *nodejs-patterns .reports:rules:schedule-dast: |