Commit b3063d8a authored by Igor Frenkel's avatar Igor Frenkel Committed by Rémy Coutable

Add nested file detection for Dependency Scanning

parent f35bf8cb
---
title: Add nested file detection for Dependency Scanning
merge_request: 31932
author:
type: fixed
......@@ -78,10 +78,42 @@ describe 'Dependency-Scanning.gitlab-ci.yml' do
end
with_them do
let(:project) { create(:project, :custom_repo, files: files_at_depth_x) }
context 'with file at root' do
let(:files_at_depth_x) { files }
it 'creates a pipeline with the expected jobs' do
expect(build_names).to include(*include_build_names)
end
end
context 'with file at depth 1' do
# prepend a directory to files (e.g. convert go.sum to foo/go.sum)
let(:files_at_depth_x) { Hash[files.map { |k, v| ["foo/#{k}", v]}] }
it 'creates a pipeline with the expected jobs' do
expect(build_names).to include(*include_build_names)
end
end
context 'with file at depth 2' do
# prepend a directory to files (e.g. convert go.sum to foo/bar/go.sum)
let(:files_at_depth_x) { Hash[files.map { |k, v| ["foo/bar/#{k}", v]}] }
it 'creates a pipeline with the expected jobs' do
expect(build_names).to include(*include_build_names)
end
end
context 'with file at depth > 2' do
let(:files_at_depth_x) { Hash[files.map { |k, v| ["foo/bar/baz/#{k}", v]}] }
it 'includes no job' do
expect { pipeline }.to raise_error(Ci::CreatePipelineService::CreateError)
end
end
end
end
context 'when PIP_REQUIREMENTS_FILE is defined' do
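Review bot: The `let(:files_at_depth_x)` definitions for depth 1, depth 2 and depth > 2 each rebuild the hash with `Hash[files.map { |k, v| ["foo/#{k}", v]}]`, which is the older idiom and is missing a space before the closing `}`; `files.transform_keys { |k| "foo/#{k}" }` says the same thing directly. Since the three contexts differ only in the prefix, a single `let(:files_at_depth_x) { files.transform_keys { |k| File.join(prefix, k) } }` with a per-context `let(:prefix)` would remove the duplication and make the depth limit visible in one place. The depth > 2 context also lacks the explanatory comment the depth 1 and 2 contexts carry; `# three directories deep: beyond the template's exists: globs, so no job is created` would make the expected CreateError self-explanatory. The hunk header announces 42 new lines but fewer are rendered here, so the enclosing `with_them`/`describe` blocks start and may end outside what is shown.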
......@@ -105,13 +105,13 @@ gemnasium-dependency_scanning:
$GITLAB_FEATURES =~ /\bdependency_scanning\b/ &&
$DS_DEFAULT_ANALYZERS =~ /gemnasium([^-]|$)/
exists:
- 'Gemfile.lock'
- 'composer.lock'
- 'gems.locked'
- 'go.sum'
- 'npm-shrinkwrap.json'
- 'package-lock.json'
- 'yarn.lock'
- '{Gemfile.lock,*/Gemfile.lock,*/*/Gemfile.lock}'
- '{composer.lock,*/composer.lock,*/*/composer.lock}'
- '{gems.locked,*/gems.locked,*/*/gems.locked}'
- '{go.sum,*/go.sum,*/*/go.sum}'
- '{npm-shrinkwrap.json,*/npm-shrinkwrap.json,*/*/npm-shrinkwrap.json}'
- '{package-lock.json,*/package-lock.json,*/*/package-lock.json}'
- '{yarn.lock,*/yarn.lock,*/*/yarn.lock}'
gemnasium-maven-dependency_scanning:
extends: .ds-analyzer
......@@ -124,9 +124,9 @@ gemnasium-maven-dependency_scanning:
$GITLAB_FEATURES =~ /\bdependency_scanning\b/ &&
$DS_DEFAULT_ANALYZERS =~ /gemnasium-maven/
exists:
- 'build.gradle'
- 'build.sbt'
- 'pom.xml'
- '{build.gradle,*/build.gradle,*/*/build.gradle}'
- '{build.sbt,*/build.sbt,*/*/build.sbt}'
- '{pom.xml,*/pom.xml,*/*/pom.xml}'
gemnasium-python-dependency_scanning:
extends: .ds-analyzer
......@@ -139,11 +139,11 @@ gemnasium-python-dependency_scanning:
$GITLAB_FEATURES =~ /\bdependency_scanning\b/ &&
$DS_DEFAULT_ANALYZERS =~ /gemnasium-python/
exists:
- 'requirements.txt'
- 'requirements.pip'
- 'Pipfile'
- 'requires.txt'
- 'setup.py'
- '{requirements.txt,*/requirements.txt,*/*/requirements.txt}'
- '{requirements.pip,*/requirements.pip,*/*/requirements.pip}'
- '{Pipfile,*/Pipfile,*/*/Pipfile}'
- '{requires.txt,*/requires.txt,*/*/requires.txt}'
- '{setup.py,*/setup.py,*/*/setup.py}'
# Support passing of $PIP_REQUIREMENTS_FILE
# See https://docs.gitlab.com/ee/user/application_security/dependency_scanning/#configuring-specific-analyzers-used-by-dependency-scanning
- if: $CI_COMMIT_BRANCH &&
......@@ -162,7 +162,7 @@ bundler-audit-dependency_scanning:
$GITLAB_FEATURES =~ /\bdependency_scanning\b/ &&
$DS_DEFAULT_ANALYZERS =~ /bundler-audit/
exists:
- 'Gemfile.lock'
- '{Gemfile.lock,*/Gemfile.lock,*/*/Gemfile.lock}'
retire-js-dependency_scanning:
extends: .ds-analyzer
......@@ -175,4 +175,4 @@ retire-js-dependency_scanning:
$GITLAB_FEATURES =~ /\bdependency_scanning\b/ &&
$DS_DEFAULT_ANALYZERS =~ /retire.js/
exists:
- 'package.json'
- '{package.json,*/package.json,*/*/package.json}'
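Review bot: The two-directory depth cap is baked into every expanded `exists:` entry (root, `*/`, `*/*/`) and repeated across the gemnasium, gemnasium-maven, gemnasium-python, bundler-audit and retire-js jobs, with nothing saying why two levels is the limit even though the spec in this commit pins that exact boundary. A comment above the first expanded list, `# Detect manifests up to two directories deep; the template spec asserts the same limit, keep both in sync`, would stop a later edit from widening one job's globs without the others or the spec following. Because `*` matches any single directory component, manifests under vendored or fixture directories (a committed `node_modules/<pkg>/package.json`, constructed example) now also trigger the corresponding job where they previously did not; if that broader trigger is intended, the comment should say so, and if not, the list needs an exclusion rather than leaving readers to infer the behaviour from the globs.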