Skip to content
Snippets Groups Projects
Select Git revision
  • 160831d946357b062668e5dcbf27fc36b165ebd5
  • main default protected
  • 3.1.7
  • 3.1.6
  • 3.1.5
  • 3.1.4
  • 3.1.3
  • 3.1.2
  • 3.1.1
  • 3.1.0
  • 2.14.0
  • 2.13.5
  • 2.13.4
  • 2.13.3
  • 2.13.2
  • 2.13.0
  • 2.12.1
  • 2.12.0
  • 2.11.0
  • 2.10.1
  • 2.10.0
  • 2.9.1
22 results

Dependency-Scanning.gitlab-ci.yml

Blame
    • Dependency-Scanning.gitlab-ci.yml 4.35 KiB 
    # Read more about this feature here: https://docs.gitlab.com/ee/user/application_security/dependency_scanning/
#
# Configure the scanning tool through the environment variables.
# List of the variables: https://gitlab.com/gitlab-org/security-products/dependency-scanning#settings
# How to set: https://docs.gitlab.com/ee/ci/yaml/#variables

variables:
  DS_ANALYZER_IMAGE_PREFIX: "registry.gitlab.com/gitlab-org/security-products/analyzers"
  DS_DEFAULT_ANALYZERS: "bundler-audit, retire.js, gemnasium, gemnasium-maven, gemnasium-python"
  DS_MAJOR_VERSION: 2
  DS_DISABLE_DIND: "false"

dependency_scanning:
  stage: test
  image: docker:stable
  variables:
    DOCKER_DRIVER: overlay2
    DOCKER_TLS_CERTDIR: ""
  allow_failure: true
  services:
    - docker:stable-dind
  script:
    - export DS_VERSION=${SP_VERSION:-$(echo "$CI_SERVER_VERSION" | sed 's/^\([0-9]*\)\.\([0-9]*\).*/\1-\2-stable/')}
    - |
      if ! docker info &>/dev/null; then
        if [ -z "$DOCKER_HOST" -a "$KUBERNETES_PORT" ]; then
          export DOCKER_HOST='tcp://localhost:2375'
        fi
      fi
    - | # this is required to avoid undesirable reset of Docker image ENV variables being set on build stage
      function propagate_env_vars() {
        CURRENT_ENV=$(printenv)

        for VAR_NAME; do
          echo $CURRENT_ENV | grep "${VAR_NAME}=" > /dev/null && echo "--env $VAR_NAME "
        done
      }
    - |
      docker run \
        $(propagate_env_vars \
          DS_ANALYZER_IMAGES \
          DS_ANALYZER_IMAGE_PREFIX \
          DS_ANALYZER_IMAGE_TAG \
          DS_DEFAULT_ANALYZERS \
          DS_EXCLUDED_PATHS \
          DS_DOCKER_CLIENT_NEGOTIATION_TIMEOUT \
          DS_PULL_ANALYZER_IMAGE_TIMEOUT \
          DS_RUN_ANALYZER_TIMEOUT \
          DS_PYTHON_VERSION \
          DS_PIP_VERSION \
          DS_PIP_DEPENDENCY_PATH \
          GEMNASIUM_DB_LOCAL_PATH \
          GEMNASIUM_DB_REMOTE_URL \
          GEMNASIUM_DB_REF_NAME \
          PIP_INDEX_URL \
          PIP_EXTRA_INDEX_URL \
          PIP_REQUIREMENTS_FILE \
          MAVEN_CLI_OPTS \
          BUNDLER_AUDIT_UPDATE_DISABLED \
        ) \
        --volume "$PWD:/code" \
        --volume /var/run/docker.sock:/var/run/docker.sock \
        "registry.gitlab.com/gitlab-org/security-products/dependency-scanning:$DS_VERSION" /code
  artifacts:
    reports:
      dependency_scanning: gl-dependency-scanning-report.json
  dependencies: []
  only:
    refs:
      - branches