Merge branch 'setup_security_products' into 'master'

Setup security products. See merge request gitlab-org/gitlab-shell!201

Merge branch 'setup_security_products' into 'master'
Setup security products. See merge request gitlab-org/gitlab-shell!201
aa1a39a9 · Rémy Coutable · 3a83767f · ce62ef0a · aa1a39a9
Commit aa1a39a9 authored Apr 11, 2018 by Rémy Coutable
Hide whitespace changes
Inline Side-by-side

Showing with 45 additions and 11 deletions

.gitlab-ci.yml .gitlab-ci.yml +45 -11

No files found.
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -15,7 +15,7 @@ rspec:
    - tags

 rubocop:
-  script: 
+  script:
    - bundle exec rubocop
  tags:
    - ruby
@@ -57,23 +57,57 @@ go:1.8:
  <<: *go_definition
  image: golang:1.8

-codeclimate:
-  before_script: []
-  image: docker:latest
+codequality:
+  image: docker:stable
  variables:
-    DOCKER_DRIVER: overlay
+    DOCKER_DRIVER: overlay2
+  allow_failure: true
  services:
-    - docker:dind
+    - docker:stable-dind
+  before_script: []
  script:
-    - docker pull codeclimate/codeclimate
-    - docker run --env CODECLIMATE_CODE="$PWD" --volume "$PWD":/code --volume /var/run/docker.sock:/var/run/docker.sock --volume /tmp/cc:/tmp/cc codeclimate/codeclimate analyze -f json > codeclimate.json
+    - export SP_VERSION=$(echo "$CI_SERVER_VERSION" | sed 's/^\([0-9]*\)\.\([0-9]*\).*/\1-\2-stable/')
+    - docker run
+        --env SOURCE_CODE="$PWD"
+        --volume "$PWD":/code
+        --volume /var/run/docker.sock:/var/run/docker.sock
+        "registry.gitlab.com/gitlab-org/security-products/codequality:$SP_VERSION" /code
  artifacts:
    paths: [codeclimate.json]

+
 sast:
+  image: docker:stable
+  variables:
+    DOCKER_DRIVER: overlay2
+  allow_failure: true
+  services:
+    - docker:stable-dind
+  before_script: []
+  script:
+    - export SP_VERSION=$(echo "$CI_SERVER_VERSION" | sed 's/^\([0-9]*\)\.\([0-9]*\).*/\1-\2-stable/')
+    - docker run
+        --env SAST_CONFIDENCE_LEVEL="${SAST_CONFIDENCE_LEVEL:-3}"
+        --volume "$PWD:/code"
+        --volume /var/run/docker.sock:/var/run/docker.sock
+        "registry.gitlab.com/gitlab-org/security-products/sast:$SP_VERSION" /app/bin/run /code
+  artifacts:
+    paths: [gl-sast-report.json]
+
+dependency_scanning:
+  image: docker:stable
+  variables:
+    DOCKER_DRIVER: overlay2
+  allow_failure: true
+  services:
+    - docker:stable-dind
  before_script: []
-  image: registry.gitlab.com/gitlab-org/gl-sast:latest
  script:
-    - /app/bin/run .
+    - export SP_VERSION=$(echo "$CI_SERVER_VERSION" | sed 's/^\([0-9]*\)\.\([0-9]*\).*/\1-\2-stable/')
+    - docker run
+        --env DEP_SCAN_DISABLE_REMOTE_CHECKS="${DEP_SCAN_DISABLE_REMOTE_CHECKS:-false}"
+        --volume "$PWD:/code"
+        --volume /var/run/docker.sock:/var/run/docker.sock
+        "registry.gitlab.com/gitlab-org/security-products/dependency-scanning:$SP_VERSION" /code
  artifacts:
-    paths: [gl-sast-report.json]
\ No newline at end of file
+    paths: [gl-dependency-scanning-report.json]
\ No newline at end of file