Add latest changes from gitlab-org/gitlab@master

author: GitLab Bot <gitlab-bot@gitlab.com> 2019-11-04 12:06:21 +0300
committer: GitLab Bot <gitlab-bot@gitlab.com> 2019-11-04 12:06:21 +0300
commit: 2b7a5214342baa2575b35868316ea9413d2afe1f (patch)
tree: f80a862f7fa382620b8f8a695d07b6d1734fc5f5 /lib/gitlab/ci
parent: 15a2d004be2f79160752d77f701c0f08e7f96973 (diff)
1 files changed, 66 insertions, 0 deletions
diff --git a/lib/gitlab/ci/templates/Security/Dependency-Scanning.gitlab-ci.yml b/lib/gitlab/ci/templates/Security/Dependency-Scanning.gitlab-ci.yml
index c8930bc6263..53ba9792bd0 100644
--- a/lib/gitlab/ci/templates/Security/Dependency-Scanning.gitlab-ci.yml
+++ b/lib/gitlab/ci/templates/Security/Dependency-Scanning.gitlab-ci.yml
@@ -4,6 +4,12 @@
 # List of the variables: https://gitlab.com/gitlab-org/security-products/dependency-scanning#settings
 # How to set: https://docs.gitlab.com/ee/ci/yaml/#variables
 
+variables:
+  DS_ANALYZER_IMAGE_PREFIX: "registry.gitlab.com/gitlab-org/security-products/analyzers"
+  DS_DEFAULT_ANALYZERS: "gemnasium, retire.js, gemnasium-python, gemnasium-maven, bundler-audit"
+  DS_MAJOR_VERSION: 2
+  DS_DISABLE_DIND: "false"
+
 dependency_scanning:
   stage: test
   image: docker:stable
@@ -61,3 +67,63 @@ dependency_scanning:
   except:
     variables:
       - $DEPENDENCY_SCANNING_DISABLED
+      - $DS_DISABLE_DIND == 'true'
+
+.analyzer:
+  extends: dependency_scanning
+  services: []
+  except:
+    variables:
+      - $DS_DISABLE_DIND == 'false'
+  script:
+    - /analyzer run
+
+gemnasium-dependency_scanning:
+  extends: .analyzer
+  image:
+    name: "$DS_ANALYZER_IMAGE_PREFIX/gemnasium:$DS_MAJOR_VERSION"
+  only:
+    variables:
+      - $GITLAB_FEATURES =~ /\bdependency_scanning\b/ &&
+        $DS_DEFAULT_ANALYZERS =~ /gemnasium/ &&
+        $CI_PROJECT_REPOSITORY_LANGUAGES =~ /ruby|javascript|php/
+
+gemnasium-maven-dependency_scanning:
+  extends: .analyzer
+  image:
+    name: "$DS_ANALYZER_IMAGE_PREFIX/gemnasium-maven:$DS_MAJOR_VERSION"
+  only:
+    variables:
+      - $GITLAB_FEATURES =~ /\bdependency_scanning\b/ &&
+        $DS_DEFAULT_ANALYZERS =~ /gemnasium-maven/ &&
+        $CI_PROJECT_REPOSITORY_LANGUAGES =~ /\bjava\b/
+
+gemnasium-python-dependency_scanning:
+  extends: .analyzer
+  image:
+    name: "$DS_ANALYZER_IMAGE_PREFIX/gemnasium-python:$DS_MAJOR_VERSION"
+  only:
+    variables:
+      - $GITLAB_FEATURES =~ /\bdependency_scanning\b/ &&
+        $DS_DEFAULT_ANALYZERS =~ /gemnasium-python/ &&
+        $CI_PROJECT_REPOSITORY_LANGUAGES =~ /python/
+
+bundler-audit-dependency_scanning:
+  extends: .analyzer
+  image:
+    name: "$DS_ANALYZER_IMAGE_PREFIX/bundler-audit:$DS_MAJOR_VERSION"
+  only:
+    variables:
+      - $GITLAB_FEATURES =~ /\bdependency_scanning\b/ &&
+        $DS_DEFAULT_ANALYZERS =~ /bundler-audit/ &&
+        $CI_PROJECT_REPOSITORY_LANGUAGES =~ /ruby/
+
+retire-js-dependency_scanning:
+  extends: .analyzer
+  image:
+    name: "$DS_ANALYZER_IMAGE_PREFIX/retire.js:$DS_MAJOR_VERSION"
+  only:
+    variables:
+      - $GITLAB_FEATURES =~ /\bdependency_scanning\b/ &&
+        $DS_DEFAULT_ANALYZERS =~ /retire.js/ &&
+        $CI_PROJECT_REPOSITORY_LANGUAGES =~ /javascript/
author	GitLab Bot <gitlab-bot@gitlab.com>	2019-11-04 12:06:21 +0300
committer	GitLab Bot <gitlab-bot@gitlab.com>	2019-11-04 12:06:21 +0300
commit	2b7a5214342baa2575b35868316ea9413d2afe1f (patch)
tree	f80a862f7fa382620b8f8a695d07b6d1734fc5f5 /lib/gitlab/ci
parent	15a2d004be2f79160752d77f701c0f08e7f96973 (diff)