From b37651277bb750219a8dae532e746b77e6bca877 Mon Sep 17 00:00:00 2001 From: Lukas Schreiner Date: Wed, 23 Oct 2024 17:58:49 +0200 Subject: [PATCH 1/2] Added SAST checking --- .gitlab-ci.yml | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 6bb3017..3279c66 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -17,6 +17,7 @@ variables: include: - template: Jobs/Container-Scanning.gitlab-ci.yml + - template: Security/SAST.gitlab-ci.yml build:deploy: extends: .build_tpl @@ -26,3 +27,6 @@ container_scanning: CS_IMAGE: "$CI_REGISTRY_IMAGE:$CI_COMMIT_SHA" CS_DISABLE_LANGUAGE_VULNERABILITY_SCAN: "false" +sast: + stage: test + -- GitLab From ce2dd08c7973afeea204107de75baddd730d12b0 Mon Sep 17 00:00:00 2001 From: Lukas Schreiner Date: Wed, 23 Oct 2024 16:05:19 +0000 Subject: [PATCH 2/2] Update .gitlab-ci.yml file --- .gitlab-ci.yml | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 3279c66..d90abdd 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -12,7 +12,12 @@ variables: - docker:dind script: - docker login -u "$CI_REGISTRY_USER" -p "$CI_REGISTRY_PASSWORD" $CI_REGISTRY - - docker build --pull -t "$CI_REGISTRY_IMAGE:$CI_COMMIT_SHA" -t "$CI_REGISTRY_IMAGE:$CI_COMMIT_SHORT_SHA" -t "$CI_REGISTRY_IMAGE:latest" --build-arg ALPINE_VERSION=$ALPINE_VERSION . + - | + if [[ "$CI_COMMIT_BRANCH" == "$CI_DEFAULT_BRANCH" ]]; then + docker build --pull -t "$CI_REGISTRY_IMAGE:$CI_COMMIT_SHA" -t "$CI_REGISTRY_IMAGE:$CI_COMMIT_SHORT_SHA" -t "$CI_REGISTRY_IMAGE:latest" --build-arg ALPINE_VERSION=$ALPINE_VERSION . + else + docker build --pull -t "$CI_REGISTRY_IMAGE:$CI_COMMIT_SHA" -t "$CI_REGISTRY_IMAGE:$CI_COMMIT_SHORT_SHA" --build-arg ALPINE_VERSION=$ALPINE_VERSION . + fi - docker push "$CI_REGISTRY_IMAGE" --all-tags include: 
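Review bot: Adding `- template: Security/SAST.gitlab-ci.yml` in the `@@ -17,6 +17,7 @@` hunk of patch 1/2 does not by itself guarantee that an analyzer runs, because the template enables its analyzer jobs through rules on the file types present in the repository, and the repository contents are not visible here. If the project is mostly a Dockerfile plus shell, the first pipeline may contain no SAST job at all; confirm that in the pipeline view and consider whether `Jobs/SAST-IaC.gitlab-ci.yml` is the scanner that actually covers the Dockerfile. For consistency with the container-scanning include on the line above, the `Jobs/SAST.gitlab-ci.yml` path would match the existing style. A short comment such as `# SAST analyzers are selected by file type; check the pipeline for which ones ran` would record this for the next maintainer.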
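Review bot: The `sast:` override added in the `@@ -26,3 +27,6 @@` hunk of patch 1/2 sets only `stage: test`, which as far as I know is already the stage the included template assigns, so the block appears to change nothing. If the intent is to pin the stage against template changes, say so in a comment, e.g. `# keep SAST in the test stage regardless of template defaults`; otherwise drop the override so the file carries no configuration that looks meaningful but is not. The `stages:` list is outside the hunk, so it is worth confirming that `test` is declared there, since an override cannot make a missing stage exist. The empty added line after `stage: test` can go as well.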
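Review bot: The two `docker build` commands in the `@@ -12,7 +12,12 @@` hunk of patch 2/2 are identical except for `-t "$CI_REGISTRY_IMAGE:latest"`, so any later change to the build arguments has to be made twice, and a missed edit would make the image published as `latest` differ from the one branch pipelines build and scan. Building once and adding the `latest` tag conditionally with `docker tag` removes that drift. The `[[ … == … ]]` test is a bash extension and the job's image and shell are defined outside the hunk, so the POSIX form `[ … = … ]` is the safer choice. `$CI_COMMIT_BRANCH` is not set in tag or merge-request pipelines, so those runs take the path without `latest`; a comment stating that this is intended would help.

```yaml
# … unchanged: docker login …
- docker build --pull -t "$CI_REGISTRY_IMAGE:$CI_COMMIT_SHA" -t "$CI_REGISTRY_IMAGE:$CI_COMMIT_SHORT_SHA" --build-arg ALPINE_VERSION="$ALPINE_VERSION" .
- |
  # Only default-branch pipelines may move the latest tag.
  if [ "$CI_COMMIT_BRANCH" = "$CI_DEFAULT_BRANCH" ]; then
    docker tag "$CI_REGISTRY_IMAGE:$CI_COMMIT_SHA" "$CI_REGISTRY_IMAGE:latest"
  fi
# … unchanged: docker push --all-tags …
```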
@@ -26,6 +31,7 @@ container_scanning: variables: CS_IMAGE: "$CI_REGISTRY_IMAGE:$CI_COMMIT_SHA" CS_DISABLE_LANGUAGE_VULNERABILITY_SCAN: "false" + GIT_STRATEGY: "fetch" sast: stage: test -- GitLab
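Review bot: `GIT_STRATEGY: "fetch"` is added to the `container_scanning` variables without any hint of why the scan job now needs a checkout. The container-scanning template, as far as I know, disables the checkout by default, and overriding it is typically done so the scanner can read the Dockerfile for remediation suggestions; if that is the reason, record it with a comment such as `# check out the repo so the scanner can read the Dockerfile`. Without that comment the override looks removable and is likely to be dropped in a later clean-up.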