---
# Pipeline template
# Includes several jobs
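include:
  # Shared job templates pulled from another project; nesting restored so that
  # `ref` and `file` belong to the single `project` entry.
  # NOTE(review): `ref: main` is a moving branch, so every change pushed to
  # tooling/ci-templates takes effect in the next pipeline here without any
  # review in this repository. The included jobs run with this project's
  # CI/CD variables (presumably including the registry credentials used by
  # the push job - confirm). Consider pinning `ref` to a tag or a full commit
  # SHA and bumping it deliberately.
  - project: tooling/ci-templates
    ref: main
    file:
      - detect-secrets.gitlab-ci.yml
      - hadolint.gitlab-ci.yml
      - docker_build.gitlab-ci.yml
      - docker_push.gitlab-ci.yml
      - dive.gitlab-ci.yml
      - dockle.gitlab-ci.yml
      - dependency-check.gitlab-ci.yml
      - test.gitlab-ci.yml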
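# Pipeline-wide variables, presumably consumed by the included templates
# (their definitions are not visible in this file).
variables:
  IMAGE_NAMESPACE: gofwd
  IMAGE_REPOSITORY: ${IMAGE_NAMESPACE}/analyze_hosts
  # Tag the image with the short commit SHA so each image maps back to the
  # commit it was built from.
  IMAGE_TAG: ${CI_COMMIT_SHORT_SHA}
  IMAGE_TAR: ${IMAGE_TAG}.tgz
  # Don't mind the container being run as root.
  # NOTE(review): CIS-DI-0001 is Dockle's "create a user for the container"
  # check. Ignoring it silences the finding but does not reduce the risk: a
  # compromise of the process inside the container starts with root
  # privileges there. If root is not strictly required, prefer a USER
  # instruction in the Dockerfile and drop this exception.
  DOCKLE_PARMS: "--ignore CIS-DI-0001"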
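# Stage order: static checks, build, image checks, tests, and only then push.
# NOTE(review): whether a failed check actually prevents the push depends on
# the included job definitions (allow_failure, needs), which are not visible
# in this file - verify that the security jobs are blocking.
stages:
  # security checks that don't need build
  - sast
  # build the image
  - build
  # security checks after build
  - security_testing
  # test build
  - test
  # push build
  - push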
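# Hidden job (leading dot): never runs on its own. Presumably the included
# templates reference it via `extends` to place their pre-build checks in the
# sast stage - confirm in tooling/ci-templates.
.sast:
  stage: sast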
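# Hidden job (leading dot) with shared settings for the post-build image
# checks. `needs` and `variables` are nested under this job; a second
# top-level `variables` key would duplicate the pipeline-wide one.
.security_testing:
  stage: security_testing
  # Start as soon as the job named `build` has finished (presumably defined
  # in docker_build.gitlab-ci.yml - confirm).
  needs:
    - build
  variables:
    # Skip fetching the repository: these jobs do not get a source checkout.
    # Presumably they scan only the image artifact handed over by the build
    # job (see IMAGE_TAR) - confirm.
    GIT_STRATEGY: none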