Commit a0869452
authored Apr 03, 2018 by Olivier Gonzalez
Committed by Marcia Ramos, Apr 03, 2018
Update Security Products examples documentation
parent 59a15895
Changes: 3 changed files with 30 additions and 6 deletions (+30 -6)
doc/ci/examples/code_climate.md (+4 -3)
doc/ci/examples/container_scanning.md (+2 -2)
doc/ci/examples/dast.md (+24 -1)
doc/ci/examples/code_climate.md @ a0869452
...
@@ -9,11 +9,12 @@ Once you set up the Runner, add a new job to `.gitlab-ci.yml`, called `codequali
...
@@ -9,11 +9,12 @@ Once you set up the Runner, add a new job to `.gitlab-ci.yml`, called `codequali
```
yaml
```
yaml
codequality
:
codequality
:
image
:
docker:
latest
image
:
docker:
stable
variables
:
variables
:
DOCKER_DRIVER
:
overlay
DOCKER_DRIVER
:
overlay2
allow_failure
:
true
services
:
services
:
-
docker:dind
-
docker:
stable-
dind
script
:
script
:
-
export SP_VERSION=$(echo "$CI_SERVER_VERSION" | sed 's/^\([0-9]*\)\.\([0-9]*\).*/\1-\2-stable/')
-
export SP_VERSION=$(echo "$CI_SERVER_VERSION" | sed 's/^\([0-9]*\)\.\([0-9]*\).*/\1-\2-stable/')
-
docker run --env SOURCE_CODE="$PWD" --volume "$PWD":/code --volume /var/run/docker.sock:/var/run/docker.sock "registry.gitlab.com/gitlab-org/security-products/codequality:$SP_VERSION" /code
-
docker run --env SOURCE_CODE="$PWD" --volume "$PWD":/code --volume /var/run/docker.sock:/var/run/docker.sock "registry.gitlab.com/gitlab-org/security-products/codequality:$SP_VERSION" /code
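Review bot: the `--volume /var/run/docker.sock:/var/run/docker.sock` mount on the unchanged `docker run` line is the risky part of this job and should be called out in the doc: it gives the codequality container root-equivalent control of the runner's Docker daemon, so the job belongs only on runners dedicated to it. Moving from `docker:latest` to `docker:stable` (and `docker:dind` to `docker:stable-dind`) is an improvement, but `stable` is still a floating tag; if reproducible scans matter, suggest pinning a specific release or a digest, e.g. `image: docker:stable@sha256:...`. The newly added `allow_failure: true` also means a crashed or failed scan never blocks the pipeline, which the surrounding text should state explicitly.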
...
...
doc/ci/examples/container_scanning.md @ a0869452
...
@@ -11,7 +11,7 @@ called `sast:container`:
...
@@ -11,7 +11,7 @@ called `sast:container`:
```
yaml
```
yaml
sast:container:
sast:container:
image
:
docker:
latest
image
:
docker:
stable
variables
:
variables
:
DOCKER_DRIVER
:
overlay2
DOCKER_DRIVER
:
overlay2
## Define two new variables based on GitLab's CI/CD predefined variables
## Define two new variables based on GitLab's CI/CD predefined variables
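Review bot: this hunk only swaps `docker:latest` for `docker:stable` on the `image:` line; the same caveat as in `code_climate.md` applies, since `stable` is still a moving tag. If the three examples in this commit are meant to be copy-pasted as-is, consider one consistent recommendation across them (pin a release or digest) rather than a tag that changes underneath users.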
...
@@ -20,7 +20,7 @@ sast:container:
...
@@ -20,7 +20,7 @@ sast:container:
CI_APPLICATION_TAG
:
$CI_COMMIT_SHA
CI_APPLICATION_TAG
:
$CI_COMMIT_SHA
allow_failure
:
true
allow_failure
:
true
services
:
services
:
-
docker:dind
-
docker:
stable-
dind
script
:
script
:
-
docker run -d --name db arminc/clair-db:latest
-
docker run -d --name db arminc/clair-db:latest
-
docker run -p 6060:6060 --link db:postgres -d --name clair arminc/clair-local-scan:v2.0.1
-
docker run -p 6060:6060 --link db:postgres -d --name clair arminc/clair-local-scan:v2.0.1
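Review bot: the dind service is pinned to `docker:stable-dind` here, but the two unchanged `script` lines still pull `arminc/clair-db:latest`, so the vulnerability database image is unpinned while the daemon image is not; pin the db image to a tag or digest in the same change. The `--link db:postgres` flag is a legacy Docker networking feature and should be replaced with a user-defined network. With `allow_failure: true` unchanged, a Clair finding (or a failed pull of either image) never fails the pipeline; the doc should say that readers must look at the report rather than rely on job status.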
...
...
doc/ci/examples/dast.md @ a0869452
...
@@ -14,9 +14,10 @@ called `dast`:
...
@@ -14,9 +14,10 @@ called `dast`:
```
yaml
```
yaml
dast
:
dast
:
image
:
owasp/zap2docker-stable
image
:
registry.gitlab.com/gitlab-org/security-products/zaproxy
variables
:
variables
:
website
:
"
https://example.com"
website
:
"
https://example.com"
allow_failure
:
true
script
:
script
:
-
mkdir /zap/wrk/
-
mkdir /zap/wrk/
-
/zap/zap-baseline.py -J gl-dast-report.json -t $website ||
true
-
/zap/zap-baseline.py -J gl-dast-report.json -t $website ||
true
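Review bot: the new `image: registry.gitlab.com/gitlab-org/security-products/zaproxy` carries no tag, so it resolves to `latest` and the job silently picks up whatever is pushed there; the other two examples in this commit at least move to `stable`, so pin a tag or digest here as well. The unchanged `/zap/zap-baseline.py ... || true` swallows every non-zero exit, including a crashed scanner, not only "alerts found", which means a failed scan is indistinguishable from a clean one unless `gl-dast-report.json` is inspected; the surrounding prose should say this.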
...
@@ -30,6 +31,28 @@ the tests on the URL defined in the `website` variable (change it to use your
...
@@ -30,6 +31,28 @@ the tests on the URL defined in the `website` variable (change it to use your
own) and finally write the results in the
`gl-dast-report.json`
file. You can
own) and finally write the results in the
`gl-dast-report.json`
file. You can
then download and analyze the report artifact in JSON format.
then download and analyze the report artifact in JSON format.
It's also possible to authenticate the user before performing DAST checks:
```
yaml
dast
:
image
:
registry.gitlab.com/gitlab-org/security-products/zaproxy
variables
:
website
:
"
https://example.com"
login_url
:
"
https://example.com/sign-in"
allow_failure
:
true
script
:
-
mkdir /zap/wrk/
-
/zap/zap-baseline.py -J gl-dast-report.json -t $website \
--auth-url $login_url \
--auth-username "john.doe@example.com" \
--auth-password "john-doe-password" ||
true
-
cp /zap/wrk/gl-dast-report.json .
artifacts
:
paths
:
[
gl-dast-report.json
]
```
See
[
zaproxy documentation
](
https://gitlab.com/gitlab-org/security-products/zaproxy
)
to learn more about authentication settings.
TIP:
**Tip:**
TIP:
**Tip:**
Starting with
[
GitLab Ultimate
][
ee
]
10.4, this information will
Starting with
[
GitLab Ultimate
][
ee
]
10.4, this information will
be automatically extracted and shown right in the merge request widget. To do
be automatically extracted and shown right in the merge request widget. To do
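Review bot: the added authenticated example hardcodes a plaintext credential pair, `--auth-username "john.doe@example.com"` and `--auth-password "john-doe-password"`, directly in `.gitlab-ci.yml`, which is committed to the repository and echoed in the job log; the example should read both from secret CI/CD variables defined in the project settings, e.g. `--auth-username "$DAST_USERNAME"` and `--auth-password "$DAST_PASSWORD"`, with a sentence telling readers where to set them and that the account should be a throwaway test user, since ZAP will submit forms as it. The new snippet also adds `cp /zap/wrk/gl-dast-report.json .` and an `artifacts:` section, whereas the unauthenticated snippet in the hunk above ends after the `zap-baseline.py` line in this diff; worth confirming both examples publish the report the same way so readers copying the first one are not left without an artifact.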
...
...