nexedi / gitlab-ce
Commit 33e4e5d3
authored Jul 06, 2021 by Dennis Appelt
Committed by Rémy Coutable, Jul 06, 2021

Add package hunter ci job for gems

parent 4ce9841f

Changes: 2 changed files with 29 additions and 5 deletions (+29 -5)
.gitlab/ci/reports.gitlab-ci.yml  +20 -4
.gitlab/ci/rules.gitlab-ci.yml  +9 -1
.gitlab/ci/reports.gitlab-ci.yml @ 33e4e5d3
@@ -87,20 +87,22 @@ gemnasium-python-dependency_scanning:
@@ -87,20 +87,22 @@ gemnasium-python-dependency_scanning:
# Analyze dependencies for malicious behavior
# Analyze dependencies for malicious behavior
# See https://gitlab.com/gitlab-com/gl-security/security-research/package-hunter
# See https://gitlab.com/gitlab-com/gl-security/security-research/package-hunter
package_hunter
:
.package_hunter-base
:
extends
:
extends
:
-
.default-retry
-
.default-retry
-
.reports:rules:package_hunter
stage
:
test
stage
:
test
image
:
image
:
name
:
registry.gitlab.com/gitlab-com/gl-security/security-research/package-hunter-cli:latest
name
:
registry.gitlab.com/gitlab-com/gl-security/security-research/package-hunter-cli:latest
entrypoint
:
[
"
"
]
entrypoint
:
[
"
"
]
variables
:
DEBUG
:
'
*'
HTR_user
:
'
$PACKAGE_HUNTER_USER'
HTR_pass
:
'
$PACKAGE_HUNTER_PASS'
needs
:
[]
needs
:
[]
allow_failure
:
true
allow_failure
:
true
script
:
before_
script
:
-
rm -r spec locale .git app/assets/images doc/
-
rm -r spec locale .git app/assets/images doc/
-
cd .. && tar -I "gzip --best" -cf gitlab.tgz gitlab/
-
cd .. && tar -I "gzip --best" -cf gitlab.tgz gitlab/
-
DEBUG=* HTR_user=$PACKAGE_HUNTER_USER HTR_pass=$PACKAGE_HUNTER_PASS node /usr/src/app/cli.js analyze --format gitlab gitlab.tgz | tee $CI_PROJECT_DIR/gl-dependency-scanning-report.json
artifacts
:
artifacts
:
paths
:
paths
:
-
gl-dependency-scanning-report.json
-
gl-dependency-scanning-report.json
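Review bot: `DEBUG: '*'` in the new `variables:` block turns on the analyzer's full debug output for every job that inherits `.package_hunter-base`, and the same block now carries the service credentials (`HTR_user: '$PACKAGE_HUNTER_USER'`, `HTR_pass: '$PACKAGE_HUNTER_PASS'`); please confirm `PACKAGE_HUNTER_PASS` is configured as a masked CI variable so verbose logging cannot expose it in job output. Separately, the image is still pulled as `package-hunter-cli:latest`; for a tool whose verdict is whether dependencies are malicious, pinning to a specific tag or digest makes the scan reproducible and protects against a swapped image.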
@@ -108,6 +110,20 @@ package_hunter:
@@ -108,6 +110,20 @@ package_hunter:
dependency_scanning
:
gl-dependency-scanning-report.json
dependency_scanning
:
gl-dependency-scanning-report.json
expire_in
:
1 week
expire_in
:
1 week
package_hunter-yarn
:
extends
:
-
.package_hunter-base
-
.reports:rules:package_hunter-yarn
script
:
-
node /usr/src/app/cli.js analyze --format gitlab --manager yarn gitlab.tgz | tee $CI_PROJECT_DIR/gl-dependency-scanning-report.json
package_hunter-bundler
:
extends
:
-
.package_hunter-base
-
.reports:rules:package_hunter-bundler
script
:
-
node /usr/src/app/cli.js analyze --format gitlab --manager bundler gitlab.tgz | tee $CI_PROJECT_DIR/gl-dependency-scanning-report.json
license_scanning
:
license_scanning
:
extends
:
.default-retry
extends
:
.default-retry
needs
:
[]
needs
:
[]
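Review bot: in both new `script:` entries the analyzer's exit status is discarded, because the job result is the exit status of `tee`; with `allow_failure: true` inherited from the base this would not block the pipeline anyway, but a crashed analyzer leaves an empty or truncated `gl-dependency-scanning-report.json` while the job is reported as passed. Add `set -o pipefail` as the first `script:` line (or check the pipe's status explicitly) so the job at least surfaces the failure. Both jobs also rely on the working directory left behind by `before_script` (`cd ..`), which works because GitLab runs `before_script` and `script` in the same shell; a one-line comment on `.package_hunter-base` saying so would save the next reader a surprise.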
.gitlab/ci/rules.gitlab-ci.yml @ 33e4e5d3
@@ -1099,7 +1099,7 @@
@@ -1099,7 +1099,7 @@
-
<<
:
*if-default-branch-schedule-nightly
-
<<
:
*if-default-branch-schedule-nightly
allow_failure
:
true
allow_failure
:
true
.reports:rules:package_hunter:
.reports:rules:package_hunter
-yarn
:
rules
:
rules
:
-
if
:
"
$PACKAGE_HUNTER_USER
==
null
||
$PACKAGE_HUNTER_USER
==
''"
-
if
:
"
$PACKAGE_HUNTER_USER
==
null
||
$PACKAGE_HUNTER_USER
==
''"
when
:
never
when
:
never
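Review bot: the rename to `.reports:rules:package_hunter-yarn` matches `.package_hunter-base` dropping `.reports:rules:package_hunter` from its `extends:`, but nothing in this diff shows whether any other job still references the old name; please confirm with a grep over `.gitlab/ci/` before merging, since an unresolved `extends:` fails CI lint. The guard rule only checks `$PACKAGE_HUNTER_USER`; if `PACKAGE_HUNTER_PASS` is unset the job still runs and only fails inside the analyzer, so consider guarding on both variables.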
@@ -1107,6 +1107,14 @@
@@ -1107,6 +1107,14 @@
-
<<
:
*if-merge-request
-
<<
:
*if-merge-request
changes
:
[
"
yarn.lock"
]
changes
:
[
"
yarn.lock"
]
.reports:rules:package_hunter-bundler:
rules
:
-
if
:
"
$PACKAGE_HUNTER_USER
==
null
||
$PACKAGE_HUNTER_USER
==
''"
when
:
never
-
<<
:
*if-default-branch-schedule-2-hourly
-
<<
:
*if-merge-request
changes
:
[
"
Gemfile.lock"
]
.reports:rules:license_scanning:
.reports:rules:license_scanning:
rules
:
rules
:
-
if
:
'
$LICENSE_SCANNING_DISABLED
||
$GITLAB_FEATURES
!~
/\blicense_scanning\b/'
-
if
:
'
$LICENSE_SCANNING_DISABLED
||
$GITLAB_FEATURES
!~
/\blicense_scanning\b/'
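Review bot: the new `.reports:rules:package_hunter-bundler` rules are not symmetric with the yarn rules above them: the scheduled entry uses `*if-default-branch-schedule-2-hourly` where the yarn job uses `*if-default-branch-schedule-nightly`, and it lacks the `allow_failure: true` the yarn scheduled entry sets (redundant given the base job's `allow_failure: true`, but worth keeping consistent). If the 2-hourly cadence is intentional (each run builds a tarball of the whole checkout and runs the analyzer on it), say so in the commit message; otherwise align it with nightly. The `$PACKAGE_HUNTER_USER == null || $PACKAGE_HUNTER_USER == ''` guard is now copied verbatim in both rule sets; a shared YAML anchor, as already done for `*if-merge-request`, would keep them from drifting.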