Commit 33e4e5d3 authored by Dennis Appelt's avatar Dennis Appelt Committed by Rémy Coutable

Add package hunter ci job for gems

parent 4ce9841f
...@@ -87,20 +87,22 @@ gemnasium-python-dependency_scanning: ...@@ -87,20 +87,22 @@ gemnasium-python-dependency_scanning:
# Analyze dependencies for malicious behavior # Analyze dependencies for malicious behavior
# See https://gitlab.com/gitlab-com/gl-security/security-research/package-hunter # See https://gitlab.com/gitlab-com/gl-security/security-research/package-hunter
package_hunter: .package_hunter-base:
extends: extends:
- .default-retry - .default-retry
- .reports:rules:package_hunter
stage: test stage: test
image: image:
name: registry.gitlab.com/gitlab-com/gl-security/security-research/package-hunter-cli:latest name: registry.gitlab.com/gitlab-com/gl-security/security-research/package-hunter-cli:latest
entrypoint: [""] entrypoint: [""]
variables:
DEBUG: '*'
HTR_user: '$PACKAGE_HUNTER_USER'
HTR_pass: '$PACKAGE_HUNTER_PASS'
needs: [] needs: []
allow_failure: true allow_failure: true
script: before_script:
- rm -r spec locale .git app/assets/images doc/ - rm -r spec locale .git app/assets/images doc/
- cd .. && tar -I "gzip --best" -cf gitlab.tgz gitlab/ - cd .. && tar -I "gzip --best" -cf gitlab.tgz gitlab/
- DEBUG=* HTR_user=$PACKAGE_HUNTER_USER HTR_pass=$PACKAGE_HUNTER_PASS node /usr/src/app/cli.js analyze --format gitlab gitlab.tgz | tee $CI_PROJECT_DIR/gl-dependency-scanning-report.json
artifacts: artifacts:
paths: paths:
- gl-dependency-scanning-report.json - gl-dependency-scanning-report.json
...@@ -108,6 +110,20 @@ package_hunter: ...@@ -108,6 +110,20 @@ package_hunter:
dependency_scanning: gl-dependency-scanning-report.json dependency_scanning: gl-dependency-scanning-report.json
expire_in: 1 week expire_in: 1 week
package_hunter-yarn:
extends:
- .package_hunter-base
- .reports:rules:package_hunter-yarn
script:
- node /usr/src/app/cli.js analyze --format gitlab --manager yarn gitlab.tgz | tee $CI_PROJECT_DIR/gl-dependency-scanning-report.json
package_hunter-bundler:
extends:
- .package_hunter-base
- .reports:rules:package_hunter-bundler
script:
- node /usr/src/app/cli.js analyze --format gitlab --manager bundler gitlab.tgz | tee $CI_PROJECT_DIR/gl-dependency-scanning-report.json
license_scanning: license_scanning:
extends: .default-retry extends: .default-retry
needs: [] needs: []
......
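Review bot: Moving `DEBUG: '*'` and the HTR credentials into job-level `variables` in `.package_hunter-base` exports them to every command in `before_script` and `script`, and `DEBUG=*` switches on every debug namespace of the CLI, so any request logging the tool emits under DEBUG could echo `$PACKAGE_HUNTER_PASS` into the job log unless `PACKAGE_HUNTER_PASS` is configured as a masked CI variable (not verifiable from this hunk); a comment above the block such as `# DEBUG='*' enables all CLI debug output; PACKAGE_HUNTER_PASS must be a masked CI variable so request logging cannot leak it` would make that requirement explicit. The new `script` lines in package_hunter-yarn and package_hunter-bundler also rely on the `cd ..` in the base `before_script` persisting, which holds because GitLab runs before_script and script in one shell, but `gitlab.tgz` being relative to the parent of `$CI_PROJECT_DIR` is easy to miss; `# cwd is the parent of $CI_PROJECT_DIR here (set by before_script); gitlab.tgz lives there` on the base template would help. Note as well that `| tee` hides the CLI's exit status, so a failed analysis still uploads whatever partial JSON was written as the dependency_scanning report; `set -o pipefail` as the first script line, or a check of `${PIPESTATUS[0]}`, would surface the failure even with `allow_failure: true`.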
...@@ -1099,7 +1099,7 @@ ...@@ -1099,7 +1099,7 @@
- <<: *if-default-branch-schedule-nightly - <<: *if-default-branch-schedule-nightly
allow_failure: true allow_failure: true
.reports:rules:package_hunter: .reports:rules:package_hunter-yarn:
rules: rules:
- if: "$PACKAGE_HUNTER_USER == null || $PACKAGE_HUNTER_USER == ''" - if: "$PACKAGE_HUNTER_USER == null || $PACKAGE_HUNTER_USER == ''"
when: never when: never
...@@ -1107,6 +1107,14 @@ ...@@ -1107,6 +1107,14 @@
- <<: *if-merge-request - <<: *if-merge-request
changes: ["yarn.lock"] changes: ["yarn.lock"]
.reports:rules:package_hunter-bundler:
rules:
- if: "$PACKAGE_HUNTER_USER == null || $PACKAGE_HUNTER_USER == ''"
when: never
- <<: *if-default-branch-schedule-2-hourly
- <<: *if-merge-request
changes: ["Gemfile.lock"]
.reports:rules:license_scanning: .reports:rules:license_scanning:
rules: rules:
- if: '$LICENSE_SCANNING_DISABLED || $GITLAB_FEATURES !~ /\blicense_scanning\b/' - if: '$LICENSE_SCANNING_DISABLED || $GITLAB_FEATURES !~ /\blicense_scanning\b/'
......
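Review bot: The `when: never` guard in the new `.reports:rules:package_hunter-bundler` only checks `$PACKAGE_HUNTER_USER`, so a project with the user set but `PACKAGE_HUNTER_PASS` missing still schedules the job every two hours and on every Gemfile.lock merge request, only to fail inside the CLI; extending it to `- if: "$PACKAGE_HUNTER_USER == null || $PACKAGE_HUNTER_USER == '' || $PACKAGE_HUNTER_PASS == null || $PACKAGE_HUNTER_PASS == ''"` keeps the job off unless both credentials exist (the renamed yarn rule above has the same gap). The bundler block otherwise repeats the yarn block with only the anchor and `changes` differing; a shared anchor for the guard entry, for example `&package_hunter_credentials_guard`, would keep the two from drifting if this file's anchor conventions allow it. Whether the yarn rules use the same 2-hourly schedule cannot be confirmed here, since the yarn schedule line falls between the two hunks.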