
gitlab.com/gitlab-org/gitlab-foss.git - Unnamed repository; edit this file 'description' to name the repository.
Diffstat (limited to 'lib/gitlab/ci/templates/Qualys-IaC-Security.gitlab-ci.yml')
-rw-r--r--lib/gitlab/ci/templates/Qualys-IaC-Security.gitlab-ci.yml47
1 files changed, 47 insertions, 0 deletions
diff --git a/lib/gitlab/ci/templates/Qualys-IaC-Security.gitlab-ci.yml b/lib/gitlab/ci/templates/Qualys-IaC-Security.gitlab-ci.yml
new file mode 100644
index 00000000000..6dbd0ce9561
--- /dev/null
+++ b/lib/gitlab/ci/templates/Qualys-IaC-Security.gitlab-ci.yml
@@ -0,0 +1,47 @@
+# This template is provided and maintained by Qualys Inc., an official Technology Partner with GitLab.
+# See https://about.gitlab.com/partners/technology-partners/#security for more information.
+#
+# This template shows how to use Qualys IaC Scan with a GitLab CI/CD pipeline.
+# Qualys and GitLab users can use this to scan their IaC templates for misconfigurations.
+# Documentation about this integration: https://www.qualys.com/documentation/qualys-iac-gitlab-integration.pdf
+#
+# This template should not need editing to work in your project.
+# It is not designed to be included in an existing CI/CD configuration with the "include:" keyword.
+#
+# The `qualys_iac_sast` job runs for branch (push) pipelines, including scheduled
+# and manually run branch pipelines.
+#
+# The sast-report output complies with GitLab's format. This report displays Qualys IaC Scan's
+# results in the Security tab in the pipeline view, if you have that feature enabled (GitLab Ultimate only).
+# The Qualys IaC Scan output is available in the Jobs tab in the pipeline view.
+#
+# Requirements:
+# Before you can use this template, add the following CI/CD variables to your
+# project CI/CD settings:
+#
+# - QUALYS_URL: The Qualys guard URL.
+# - QUALYS_USERNAME: The Qualys username.
+# - QUALYS_PASSWORD: The Qualys password. Make this variable masked.
+# - BREAK_ON_ERROR: (optional) If you don't want the pipeline to fail on an error,
+# then add this variable and set it to "false". Otherwise set it
+# to "true", or omit the variable.
+
+stages:
+ - build
+ - test
+ - qualys_iac_scan
+ - deploy
+
+qualys_iac_sast:
+ stage: qualys_iac_scan
+ image:
+ name: qualys/qiac_security_cli:latest
+ entrypoint: [""]
+ script:
+ - sh /home/qiac/gitlab.sh
+ artifacts:
+ name: "qualys-iac-sast-artifacts"
+ paths:
+ - qualys_iac_ci_result.json
+ reports:
+ sast: gl-sast-qualys-iac-ci-report.json
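Review bot: The `image:` entry of `qualys_iac_sast` pulls `qualys/qiac_security_cli:latest`, a mutable tag, and the job then runs `/home/qiac/gitlab.sh` from that image with `QUALYS_USERNAME` and `QUALYS_PASSWORD` in its environment. Whatever is published under `latest` at run time therefore receives the credentials and the checked-out repository, and scan results are not reproducible between runs. Pin the image to a released version or an immutable digest, for example `name: qualys/qiac_security_cli:<PINNED_VERSION>` (placeholder, since the page names no version), and bump it deliberately. Separately, `artifacts:paths` is uploaded only on success by default, so with `BREAK_ON_ERROR` left at its default a failing scan probably loses `qualys_iac_ci_result.json`. Adding `when: always` under `artifacts:` would keep it.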