Configure SAST in `.gitlab-ci.yml`, creating this file if it does not already exist

R. Eric Wheeler 2021-07-29 18:19:05 +00:00
parent bc5da952ce
commit a55e5b2b24
1 changed files with 39 additions and 32 deletions


@ -1,58 +1,65 @@
# Select what we should cache between builds
# You can override the included template(s) by including variable overrides
# SAST customization: https://docs.gitlab.com/ee/user/application_security/sast/#customizing-the-sast-settings
# Secret Detection customization: https://docs.gitlab.com/ee/user/application_security/secret_detection/#customizing-settings
# Dependency Scanning customization: https://docs.gitlab.com/ee/user/application_security/dependency_scanning/#customizing-the-dependency-scanning-settings
# Note that environment variables can be set in several places
# See https://docs.gitlab.com/ee/ci/variables/#cicd-variable-precedence
cache:
paths:
- vendor/
- vendor/
variables:
XDEBUG_MODE: coverage
before_script:
- apt-get update -yqq
- apt-get upgrade -yqq
- apt-get install -yqq git libzip-dev unzip zip libpcre3-dev
# Install PHP extensions
- docker-php-ext-install zip
# Install & enable Xdebug for code coverage reports
- pecl install xdebug
- docker-php-ext-enable xdebug
- >
if [ "$CI_JOB_STAGE" != "security" ]; then
apt-get update -yqq && apt-get upgrade -yqq && apt-get install -yqq git libzip-dev unzip zip libpcre3-dev && docker-php-ext-install zip && pecl install xdebug && docker-php-ext-enable xdebug
fi
- >
if [ "$CI_JOB_NAME" == "test:7.4" ] || [ "$CI_JOB_NAME" == "test:8.0" ]; then
pecl install ds && docker-php-ext-enable ds
pecl install ds && docker-php-ext-enable ds
fi
- >
if [ "$CI_JOB_STAGE" != "security" ]; then
curl -sS https://getcomposer.org/installer | php
php composer.phar install
fi
# Install and run Composer
- curl -sS https://getcomposer.org/installer | php
- php composer.phar install
# Run our tests
# If Xdebug was installed you can generate a coverage report and see code coverage metrics.
test:7.4:
only:
- branches
- branches
tags:
- default
- default
image: php:7.4
script:
- vendor/bin/phpunit --configuration phpunit.xml --coverage-text --colors=never
- vendor/bin/phpunit --configuration phpunit.xml --coverage-text --colors=never
test:7.4-without-ext-ds:
only:
- branches
- branches
tags:
- default
- default
image: php:7.4
script:
- vendor/bin/phpunit --configuration phpunit.xml --coverage-text --colors=never
- vendor/bin/phpunit --configuration phpunit.xml --coverage-text --colors=never
test:8.0:
only:
- branches
- branches
tags:
- default
- default
image: php:8.0
script:
- vendor/bin/phpunit --configuration phpunit.xml --coverage-text --colors=never
- vendor/bin/phpunit --configuration phpunit.xml --coverage-text --colors=never
test:8.0-without-ext-ds:
only:
- branches
- branches
tags:
- default
image: php:7.4
- default
image: php:8.0
script:
- vendor/bin/phpunit --configuration phpunit.xml --coverage-text --colors=never
- vendor/bin/phpunit --configuration phpunit.xml --coverage-text --colors=never
stages:
- test
- security
sast:
image: ubuntu:latest
stage: security
include:
- template: Security/SAST.gitlab-ci.yml
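Review bot: The guarded Composer step in `before_script` still runs `curl -sS https://getcomposer.org/installer | php`, which executes whatever that URL returns in every non-security job with no integrity check. The commit moves these lines under the `$CI_JOB_STAGE` guard, so this is a good point to download the installer to a file, compare its SHA-384 with the published signature, and run it only on a match. The sketch below follows Composer's documented programmatic install; pinning a Composer version and its checksum in the repository would be stricter still. Separately, `image: ubuntu:latest` on the `sast` job is a mutable tag, and a fixed release tag or digest would keep that job reproducible.

```yaml
before_script:
  # … unchanged: apt/pecl setup and the ext-ds step …
  - |
    if [ "$CI_JOB_STAGE" != "security" ]; then
      expected="$(curl -fsS https://composer.github.io/installer.sig)"
      curl -fsS -o composer-setup.php https://getcomposer.org/installer
      actual="$(php -r "echo hash_file('sha384', 'composer-setup.php');")"
      if [ "$expected" != "$actual" ]; then
        echo 'Composer installer checksum mismatch' >&2
        rm -f composer-setup.php
        exit 1
      fi
      php composer-setup.php
      rm -f composer-setup.php
      php composer.phar install
    fi
```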