From a55e5b2b24620a056eb4c1062865f8f355bfb2c5 Mon Sep 17 00:00:00 2001
From: "R. Eric Wheeler"
Date: Thu, 29 Jul 2021 18:19:05 +0000
Subject: [PATCH] Configure SAST in `.gitlab-ci.yml`, creating this file if it does not already exist
---
 .gitlab-ci.yml | 71 +++++++++++++++++++++++++++-----------------------
 1 file changed, 39 insertions(+), 32 deletions(-)
diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index 628b006..a7e6fa4 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -1,58 +1,65 @@ -# Select what we should cache between builds +# You can override the included template(s) by including variable overrides +# SAST customization: https://docs.gitlab.com/ee/user/application_security/sast/#customizing-the-sast-settings +# Secret Detection customization: https://docs.gitlab.com/ee/user/application_security/secret_detection/#customizing-settings +# Dependency Scanning customization: https://docs.gitlab.com/ee/user/application_security/dependency_scanning/#customizing-the-dependency-scanning-settings +# Note that environment variables can be set in several places +# See https://docs.gitlab.com/ee/ci/variables/#cicd-variable-precedence cache: paths: - - vendor/ + - vendor/ variables: XDEBUG_MODE: coverage - before_script: - - apt-get update -yqq - - apt-get upgrade -yqq - - apt-get install -yqq git libzip-dev unzip zip libpcre3-dev - # Install PHP extensions - - docker-php-ext-install zip - # Install & enable Xdebug for code coverage reports - - pecl install xdebug - - docker-php-ext-enable xdebug - > - if [ "$CI_JOB_NAME" == "test:7.4" ] || [ "$CI_JOB_NAME" == "test:8.0" ]; then - pecl install ds && docker-php-ext-enable ds + if [ "$CI_JOB_STAGE" != "security" ]; then + apt-get update -yqq && apt-get upgrade -yqq && apt-get install -yqq git libzip-dev unzip zip libpcre3-dev && docker-php-ext-install zip && pecl install xdebug && docker-php-ext-enable xdebug + fi + - > + if [ "$CI_JOB_NAME" == "test:7.4" ] || [ "$CI_JOB_NAME" == "test:8.0" ]; then + pecl install ds && docker-php-ext-enable ds + fi + - > + if [ "$CI_JOB_STAGE" != "security" ]; then + curl -sS https://getcomposer.org/installer | php + php composer.phar install fi - # Install and run Composer - - curl -sS https://getcomposer.org/installer | php - - php composer.phar install - -# Run our tests -# If Xdebug was installed you can generate a coverage report and see code coverage metrics. 
test:7.4: only: - - branches + - branches tags: - - default + - default image: php:7.4 script: - - vendor/bin/phpunit --configuration phpunit.xml --coverage-text --colors=never + - vendor/bin/phpunit --configuration phpunit.xml --coverage-text --colors=never test:7.4-without-ext-ds: only: - - branches + - branches tags: - - default + - default image: php:7.4 script: - - vendor/bin/phpunit --configuration phpunit.xml --coverage-text --colors=never + - vendor/bin/phpunit --configuration phpunit.xml --coverage-text --colors=never test:8.0: only: - - branches + - branches tags: - - default + - default image: php:8.0 script: - - vendor/bin/phpunit --configuration phpunit.xml --coverage-text --colors=never + - vendor/bin/phpunit --configuration phpunit.xml --coverage-text --colors=never test:8.0-without-ext-ds: only: - - branches + - branches tags: - - default - image: php:7.4 + - default + image: php:8.0 script: - - vendor/bin/phpunit --configuration phpunit.xml --coverage-text --colors=never \ No newline at end of file + - vendor/bin/phpunit --configuration phpunit.xml --coverage-text --colors=never +stages: + - test + - security +sast: + image: ubuntu:latest + stage: security +include: +- template: Security/SAST.gitlab-ci.yml
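Review bot: The Composer installer inside the new `CI_JOB_STAGE` guard is still fetched with `curl -sS https://getcomposer.org/installer | php` and executed with no integrity check, so whatever that URL returns runs in every non-security job. Download it to a file, compare its SHA-384 with the signature Composer publishes at `https://composer.github.io/installer.sig`, and only run it on a match, as sketched below. The sketch also uses `|` instead of `>`: indentation is lost on this page, but if the body lines sit at the same indent as the `if`, a folded scalar joins them into one line and `fi` becomes an argument to the preceding command. Separately, `image: ubuntu:latest` on the `sast` job is a mutable tag; pinning a release or digest would keep the security stage reproducible.

```yaml
# … unchanged: apt/xdebug block and the ext-ds block …
  - |
    if [ "$CI_JOB_STAGE" != "security" ]; then
      expected="$(curl -fsS https://composer.github.io/installer.sig)"
      curl -fsS -o composer-setup.php https://getcomposer.org/installer
      actual="$(php -r "echo hash_file('sha384', 'composer-setup.php');")"
      if [ "$expected" != "$actual" ]; then
        echo 'Composer installer checksum mismatch' >&2
        rm -f composer-setup.php
        exit 1
      fi
      php composer-setup.php
      rm -f composer-setup.php
      php composer.phar install
    fi
```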