Merge branch 'feature/security' into 'master'

Added SAST checking See merge request !1

Merge branch 'feature/security' into 'master'
23cd62f2 · Lukas Schreiner · 4d575d9f · 8ec7dc04 · 23cd62f2
Commit 23cd62f2 authored 5 months ago by Lukas Schreiner
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -12,11 +12,17 @@ variables:
    - docker:dind
  script:
    - docker login -u "$CI_REGISTRY_USER" -p "$CI_REGISTRY_PASSWORD" $CI_REGISTRY
-    - docker build --pull -t "$CI_REGISTRY_IMAGE:$CI_COMMIT_SHA" -t "$CI_REGISTRY_IMAGE:$CI_COMMIT_SHORT_SHA" -t "$CI_REGISTRY_IMAGE:latest" --build-arg ALPINE_VERSION=$ALPINE_VERSION .
+    - |
+      if [[ "$CI_COMMIT_BRANCH" == "$CI_DEFAULT_BRANCH" ]]; then
+        docker build --pull -t "$CI_REGISTRY_IMAGE:$CI_COMMIT_SHA" -t "$CI_REGISTRY_IMAGE:$CI_COMMIT_SHORT_SHA" -t "$CI_REGISTRY_IMAGE:latest" --build-arg ALPINE_VERSION=$ALPINE_VERSION .
+      else
+        docker build --pull -t "$CI_REGISTRY_IMAGE:$CI_COMMIT_SHA" -t "$CI_REGISTRY_IMAGE:$CI_COMMIT_SHORT_SHA" --build-arg ALPINE_VERSION=$ALPINE_VERSION .
+      fi
    - docker push "$CI_REGISTRY_IMAGE" --all-tags

 include:
  - template: Jobs/Container-Scanning.gitlab-ci.yml
+  - template: Security/SAST.gitlab-ci.yml

 build:deploy:
  extends: .build_tpl
@@ -25,4 +31,8 @@ container_scanning:
  variables:
    CS_IMAGE: "$CI_REGISTRY_IMAGE:$CI_COMMIT_SHA"
    CS_DISABLE_LANGUAGE_VULNERABILITY_SCAN: "false"
+    GIT_STRATEGY: "fetch"
  
+sast:
+  stage: test
+