
lib/gitlab/ci/templates/Qualys-IaC-Security.gitlab-ci.yml - gitlab.com/gitlab-org/gitlab-foss.git
# This template is provided and maintained by Qualys Inc., an official Technology Partner with GitLab.
# See https://about.gitlab.com/partners/technology-partners/#security for more information.
#
# This template shows how to use Qualys IaC Scan with a GitLab CI/CD pipeline.
# Qualys and GitLab users can use this to scan their IaC templates for misconfigurations.
# The IaC templates are uploaded to Qualys Platform for scanning, which returns the results to GitLab for reporting.
# Documentation about this integration: https://www.qualys.com/docs/qualys-iac-security-integration-gitlab.pdf
#
# This template should not need editing to work in your project.
# It is not designed to be included in an existing CI/CD configuration with the "include:" keyword.
#
# The `qualys_iac_sast` job runs for branch (push) pipelines, including scheduled
# and manually run branch pipelines.
#
# The sast-report output complies with GitLab's format. This report displays Qualys IaC Scan's
# results in the Security tab in the pipeline view, if you have that feature enabled (GitLab Ultimate only).
# The Qualys IaC Scan output is available in the Jobs tab in the pipeline view.
#
# Requirements:
# Before you can use this template, add the following CI/CD variables to your
# project CI/CD settings:
#
# - QUALYS_URL: The Qualys guard URL.
# - QUALYS_USERNAME: The Qualys username.
# - QUALYS_PASSWORD: The Qualys password. Make this variable masked.
# - BREAK_ON_ERROR: (optional) If you don't want the pipeline to fail on an error,
#                   then add this variable and set it to "false". Otherwise set it
#                   to "true", or omit the variable.

stages:
  - build
  - test
  - qualys_iac_scan
  - deploy

qualys_iac_sast:
  stage: qualys_iac_scan
  image:
    name: qualys/qiac_security_cli:latest
    entrypoint: [""]
  script:
    - sh /home/qiac/gitlab.sh
  artifacts:
    name: "qualys-iac-sast-artifacts"
    paths:
      - qualys_iac_ci_result.json
    reports:
      sast: gl-sast-qualys-iac-ci-report.json
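
The template's comments say the SAST report follows GitLab's format and that the Security tab needs GitLab Ultimate. The following is an added example, not part of this template and not Qualys or GitLab code: it shows one way to summarize a downloaded `gl-sast-qualys-iac-ci-report.json` outside that tab. The function name `summarize`, the `fail_at` parameter and the sample report are assumptions made for illustration; the field names are those of GitLab's SAST report format.

```python
import json
from collections import Counter

# Severity names used in GitLab security reports, ordered lowest to highest.
SEVERITY_ORDER = ["Info", "Unknown", "Low", "Medium", "High", "Critical"]

# Constructed sample in the shape of a GitLab SAST report; not real Qualys output.
SAMPLE_REPORT = json.dumps({
    "version": "15.0.0",
    "vulnerabilities": [
        {"name": "Constructed finding A", "severity": "High",
         "location": {"file": "main.tf", "start_line": 12}},
        {"name": "Constructed finding B", "severity": "Low",
         "location": {"file": "main.tf", "start_line": 40}},
        {"name": "Constructed finding C", "severity": "Critical",
         "location": {"file": "network.tf"}},
        {"name": "Constructed finding D", "location": {}},
    ],
})


def summarize(report_text, fail_at="High"):
    """Return (count per severity, findings at or above fail_at, worst first)."""
    report = json.loads(report_text)
    threshold = SEVERITY_ORDER.index(fail_at)
    counts, blocking = Counter(), []
    for vuln in report.get("vulnerabilities") or []:
        severity = vuln.get("severity", "Unknown")
        if severity not in SEVERITY_ORDER:
            severity = "Unknown"  # tolerate values outside the known set
        counts[severity] += 1
        if SEVERITY_ORDER.index(severity) >= threshold:
            loc = vuln.get("location") or {}
            where = loc.get("file", "?")
            if "start_line" in loc:
                where += ":" + str(loc["start_line"])
            blocking.append((severity, where, vuln.get("name", "")))
    blocking.sort(key=lambda item: SEVERITY_ORDER.index(item[0]), reverse=True)
    return dict(counts), blocking


if __name__ == "__main__":
    counts, blocking = summarize(SAMPLE_REPORT)
    print(counts)
    for severity, where, name in blocking:
        print(f"{severity:8} {where}  {name}")
    raise SystemExit(1 if blocking else 0)
```

To use it on a real pipeline, pass the text of the job's report artifact to `summarize` in place of `SAMPLE_REPORT`.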