author | GitLab Bot <gitlab-bot@gitlab.com> | 2019-11-20 03:06:22 +0300 |
---|---|---|
committer | GitLab Bot <gitlab-bot@gitlab.com> | 2019-11-20 03:06:22 +0300 |
commit | 5a3f1ba53bf875a73f800909e8559d15dfab4339 (patch) | |
tree | d59abd1b468ae972040f3c0b667877ffc26a61b5 /lib/gitlab/ci | |
parent | 3d5ad15d2bf62ca70b1628afb64c5476e408781c (diff) |
Add latest changes from gitlab-org/gitlab@master
Diffstat (limited to 'lib/gitlab/ci')
-rw-r--r-- | lib/gitlab/ci/templates/Security/SAST.gitlab-ci.yml | 13 |
1 files changed, 12 insertions, 1 deletions
diff --git a/lib/gitlab/ci/templates/Security/SAST.gitlab-ci.yml b/lib/gitlab/ci/templates/Security/SAST.gitlab-ci.yml
index c81b4efddbc..75594eeb619 100644
--- a/lib/gitlab/ci/templates/Security/SAST.gitlab-ci.yml
+++ b/lib/gitlab/ci/templates/Security/SAST.gitlab-ci.yml
@@ -6,9 +6,10 @@ variables:
 SAST_ANALYZER_IMAGE_PREFIX: "registry.gitlab.com/gitlab-org/security-products/analyzers"
- SAST_DEFAULT_ANALYZERS: "bandit, brakeman, gosec, spotbugs, flawfinder, phpcs-security-audit, security-code-scan, nodejs-scan, eslint, tslint, secrets, sobelow, pmd-apex"
+ SAST_DEFAULT_ANALYZERS: "bandit, brakeman, gosec, spotbugs, flawfinder, phpcs-security-audit, security-code-scan, nodejs-scan, eslint, tslint, secrets, sobelow, pmd-apex, kubesec"
 SAST_ANALYZER_IMAGE_TAG: 2
 SAST_DISABLE_DIND: "false"
+ SCAN_KUBERNETES_MANIFESTS: "false"
 sast:
 stage: test
@@ -98,6 +99,16 @@ flawfinder-sast:
 $SAST_DEFAULT_ANALYZERS =~ /flawfinder/ &&
 $CI_PROJECT_REPOSITORY_LANGUAGES =~ /\b(c\+\+|c)\b/
+kubesec-sast:
+ extends: .analyzer
+ image:
+ name: "$SAST_ANALYZER_IMAGE_PREFIX/kubesec:$SAST_ANALYZER_IMAGE_TAG"
+ only:
+ variables:
+ - $GITLAB_FEATURES =~ /\bsast\b/ &&
+ $SAST_DEFAULT_ANALYZERS =~ /kubesec/ &&
+ $SCAN_KUBERNETES_MANIFESTS == 'true'
+
 gosec-sast:
 extends: .analyzer
 image: |
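Review bot: The variables block now lists `kubesec` in `SAST_DEFAULT_ANALYZERS` while `SCAN_KUBERNETES_MANIFESTS` defaults to "false", and nothing next to either line says that the analyzer is opt-in. Someone auditing scan coverage from the default list alone would count Kubernetes manifests as covered when, with these defaults, the kubesec-sast rule in the second hunk never matches. A comment above the new variable would make the relationship explicit, for example `# kubesec is opt-in: it runs only when this is "true", even though it appears in SAST_DEFAULT_ANALYZERS`. Projects that override `SAST_DEFAULT_ANALYZERS` with their own list would, by the same rule, need to include `kubesec` as well as setting this variable.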
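Review bot: The gate `$SCAN_KUBERNETES_MANIFESTS == 'true'` in kubesec-sast is an exact string comparison, so values such as `True`, `TRUE` or `1` leave the job out of the pipeline with no failure or warning, and the pipeline still passes with manifests unscanned. If lenient input is wanted and the expression syntax's case-insensitive flag is available on the target version, `$SCAN_KUBERNETES_MANIFESTS =~ /^true$/i` would accept the common spellings; otherwise the job should carry a comment such as `# Runs only when SCAN_KUBERNETES_MANIFESTS is exactly "true" (lowercase)`. The `.analyzer` definition this job extends is outside the hunk, so any further conditions it contributes cannot be checked from here.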