Configure SAST in `.gitlab-ci.yml`, creating this file if it does not already exist
This commit is contained in:
parent
bc5da952ce
commit
a55e5b2b24
|
|
@ -1,29 +1,28 @@
|
||||||
# Select what we should cache between builds
|
# You can override the included template(s) by including variable overrides
|
||||||
|
# SAST customization: https://docs.gitlab.com/ee/user/application_security/sast/#customizing-the-sast-settings
|
||||||
|
# Secret Detection customization: https://docs.gitlab.com/ee/user/application_security/secret_detection/#customizing-settings
|
||||||
|
# Dependency Scanning customization: https://docs.gitlab.com/ee/user/application_security/dependency_scanning/#customizing-the-dependency-scanning-settings
|
||||||
|
# Note that environment variables can be set in several places
|
||||||
|
# See https://docs.gitlab.com/ee/ci/variables/#cicd-variable-precedence
|
||||||
cache:
|
cache:
|
||||||
paths:
|
paths:
|
||||||
- vendor/
|
- vendor/
|
||||||
variables:
|
variables:
|
||||||
XDEBUG_MODE: coverage
|
XDEBUG_MODE: coverage
|
||||||
|
|
||||||
before_script:
|
before_script:
|
||||||
- apt-get update -yqq
|
- >
|
||||||
- apt-get upgrade -yqq
|
if [ "$CI_JOB_STAGE" != "security" ]; then
|
||||||
- apt-get install -yqq git libzip-dev unzip zip libpcre3-dev
|
apt-get update -yqq && apt-get upgrade -yqq && apt-get install -yqq git libzip-dev unzip zip libpcre3-dev && docker-php-ext-install zip && pecl install xdebug && docker-php-ext-enable xdebug
|
||||||
# Install PHP extensions
|
fi
|
||||||
- docker-php-ext-install zip
|
|
||||||
# Install & enable Xdebug for code coverage reports
|
|
||||||
- pecl install xdebug
|
|
||||||
- docker-php-ext-enable xdebug
|
|
||||||
- >
|
- >
|
||||||
if [ "$CI_JOB_NAME" == "test:7.4" ] || [ "$CI_JOB_NAME" == "test:8.0" ]; then
|
if [ "$CI_JOB_NAME" == "test:7.4" ] || [ "$CI_JOB_NAME" == "test:8.0" ]; then
|
||||||
pecl install ds && docker-php-ext-enable ds
|
pecl install ds && docker-php-ext-enable ds
|
||||||
fi
|
fi
|
||||||
# Install and run Composer
|
- >
|
||||||
- curl -sS https://getcomposer.org/installer | php
|
if [ "$CI_JOB_STAGE" != "security" ]; then
|
||||||
- php composer.phar install
|
curl -sS https://getcomposer.org/installer | php
|
||||||
|
php composer.phar install
|
||||||
# Run our tests
|
fi
|
||||||
# If Xdebug was installed you can generate a coverage report and see code coverage metrics.
|
|
||||||
test:7.4:
|
test:7.4:
|
||||||
only:
|
only:
|
||||||
- branches
|
- branches
|
||||||
|
|
@ -53,6 +52,14 @@ test:8.0-without-ext-ds:
|
||||||
- branches
|
- branches
|
||||||
tags:
|
tags:
|
||||||
- default
|
- default
|
||||||
image: php:7.4
|
image: php:8.0
|
||||||
script:
|
script:
|
||||||
- vendor/bin/phpunit --configuration phpunit.xml --coverage-text --colors=never
|
- vendor/bin/phpunit --configuration phpunit.xml --coverage-text --colors=never
|
||||||
|
stages:
|
||||||
|
- test
|
||||||
|
- security
|
||||||
|
sast:
|
||||||
|
image: ubuntu:latest
|
||||||
|
stage: security
|
||||||
|
include:
|
||||||
|
- template: Security/SAST.gitlab-ci.yml
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue