Commit 019c5f55 authored by Rémy Coutable's avatar Rémy Coutable

Merge branch 'da/add-package-hunter-job-bundler' into 'master'

Add package hunter CI job for gems

See merge request gitlab-org/gitlab!62086
parents 8ba3b727 33e4e5d3
......@@ -87,20 +87,22 @@ gemnasium-python-dependency_scanning:
# Analyze dependencies for malicious behavior
# See https://gitlab.com/gitlab-com/gl-security/security-research/package-hunter
package_hunter:
.package_hunter-base:
extends:
- .default-retry
- .reports:rules:package_hunter
stage: test
image:
name: registry.gitlab.com/gitlab-com/gl-security/security-research/package-hunter-cli:latest
entrypoint: [""]
variables:
DEBUG: '*'
HTR_user: '$PACKAGE_HUNTER_USER'
HTR_pass: '$PACKAGE_HUNTER_PASS'
needs: []
allow_failure: true
script:
before_script:
- rm -r spec locale .git app/assets/images doc/
- cd .. && tar -I "gzip --best" -cf gitlab.tgz gitlab/
- DEBUG=* HTR_user=$PACKAGE_HUNTER_USER HTR_pass=$PACKAGE_HUNTER_PASS node /usr/src/app/cli.js analyze --format gitlab gitlab.tgz | tee $CI_PROJECT_DIR/gl-dependency-scanning-report.json
artifacts:
paths:
- gl-dependency-scanning-report.json
......@@ -108,6 +110,20 @@ package_hunter:
dependency_scanning: gl-dependency-scanning-report.json
expire_in: 1 week
package_hunter-yarn:
extends:
- .package_hunter-base
- .reports:rules:package_hunter-yarn
script:
- node /usr/src/app/cli.js analyze --format gitlab --manager yarn gitlab.tgz | tee $CI_PROJECT_DIR/gl-dependency-scanning-report.json
package_hunter-bundler:
extends:
- .package_hunter-base
- .reports:rules:package_hunter-bundler
script:
- node /usr/src/app/cli.js analyze --format gitlab --manager bundler gitlab.tgz | tee $CI_PROJECT_DIR/gl-dependency-scanning-report.json
license_scanning:
extends: .default-retry
needs: []
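Review bot: The base job `.package_hunter-base` in the first hunk pulls `package-hunter-cli:latest` and hands that image the whole repository tarball together with the `PACKAGE_HUNTER_USER`/`PACKAGE_HUNTER_PASS` credentials, so an unpinned tag means any push to that image silently changes what runs with those secrets; pin it to a fixed version tag or digest, e.g. `name: registry.gitlab.com/gitlab-com/gl-security/security-research/package-hunter-cli@sha256:<digest>`, and bump it deliberately. `DEBUG: '*'` now sits as a job-level variable next to the two credential variables; if the CLI's debug output includes its HTTP requests, the authentication values could end up in the job log, which is worth confirming, and the two secrets should be marked masked in the project's CI variable settings either way. The `script:` lines of `package_hunter-yarn` and `package_hunter-bundler` differ only in the `--manager` argument, so a per-job `PACKAGE_MANAGER` variable with a single `script:` in the base template would remove the duplicated command. The base job's `artifacts:` block continues past the end of the first hunk.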
......@@ -1099,7 +1099,7 @@
- <<: *if-default-branch-schedule-nightly
allow_failure: true
.reports:rules:package_hunter:
.reports:rules:package_hunter-yarn:
rules:
- if: "$PACKAGE_HUNTER_USER == null || $PACKAGE_HUNTER_USER == ''"
when: never
......@@ -1107,6 +1107,14 @@
- <<: *if-merge-request
changes: ["yarn.lock"]
.reports:rules:package_hunter-bundler:
rules:
- if: "$PACKAGE_HUNTER_USER == null || $PACKAGE_HUNTER_USER == ''"
when: never
- <<: *if-default-branch-schedule-2-hourly
- <<: *if-merge-request
changes: ["Gemfile.lock"]
.reports:rules:license_scanning:
rules:
- if: '$LICENSE_SCANNING_DISABLED || $GITLAB_FEATURES !~ /\blicense_scanning\b/'
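Review bot: The `if` guard in the new `.reports:rules:package_hunter-bundler` (and in the renamed `.reports:rules:package_hunter-yarn`) only checks `$PACKAGE_HUNTER_USER`, while the jobs in the reports file also read `$PACKAGE_HUNTER_PASS`; a project with only the user variable configured would still schedule the jobs and run the CLI with an empty password. Extend the condition to both secrets: `- if: "$PACKAGE_HUNTER_USER == null || $PACKAGE_HUNTER_USER == '' || $PACKAGE_HUNTER_PASS == null || $PACKAGE_HUNTER_PASS == ''"`. The two templates are otherwise identical apart from the `changes:` path and the schedule anchor, so a one-line comment above each naming what it watches, e.g. `# Runs on Gemfile.lock changes in MRs and on the 2-hourly default-branch schedule`, would help because the job definitions live in a different file.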