author | Vijay A <avijayr@protonmail.com> | 2022-01-10 09:05:29 +0530 |
---|---|---|
committer | Vijay A <vraravam@users.noreply.github.com> | 2022-01-10 09:05:29 +0530 |
commit | 7bec3e5bfa83cbe8122a67f83f48ffa4439c2e1a (patch) | |
tree | 95f876e0407f452469de807fb8cc6de9f2604810 /.gitlab-ci.yml | |
parent | build: Disable single-run eslint-typescript (diff) | |
Configure SAST in `.gitlab-ci.yml` set-sast-config-1
Diffstat (limited to '.gitlab-ci.yml')
-rw-r--r-- | .gitlab-ci.yml | 30 |
1 files changed, 23 insertions, 7 deletions
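--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -1,19 +1,24 @@
+# You can override the included template(s) by including variable overrides
+# SAST customization: https://docs.gitlab.com/ee/user/application_security/sast/#customizing-the-sast-settings
+# Secret Detection customization: https://docs.gitlab.com/ee/user/application_security/secret_detection/#customizing-settings
+# Dependency Scanning customization: https://docs.gitlab.com/ee/user/application_security/dependency_scanning/#customizing-the-dependency-scanning-settings
+# Note that environment variables can be set in several places
+# See https://docs.gitlab.com/ee/ci/variables/#cicd-variable-precedence
 image: node:16.13.1
-
 cache:
 paths:
-- .yarn/cache/
-
+- ".yarn/cache"
 stages:
 - code-quality
 - test
 - build
+- scan
 
 default:
 before_script:
 - yarn install --immutable
 
-lint:
+Run linter:
 stage: code-quality
 script:
 - yarn types
@@ -22,19 +27,19 @@ lint:
 reports:
 codequality: gl-codequality.json
 
-typecheck:
+Run static analyzer:
 stage: code-quality
 script:
 - yarn types
 - yarn typecheck:ci
 
-test:
+Run tests:
 stage: test
 script:
 - yarn test
 
 # TODO: GitlabCI free runners are only for linux - need to investigate for macos and windows artifacts
-build:
+Build:
 stage: build
 script:
 - yarn compile
@@ -45,3 +50,14 @@ build:
 exclude:
 - dist/builder-debug.yml
 - dist/builder-effective-config.yaml
+
+sast:
+variables:
+SAST_EXCLUDED_PATHS: spec, test, tests, tmp, .yarn, node_modules
+SECURE_LOG_LEVEL: error
+stage: scan
+
+include:
+- template: Security/SAST.gitlab-ci.yml
+variables:
+SAST_EXCLUDED_ANALYZERS: "semgrep" # Disabling semgrep since the scan times out in GitlabCI agents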
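Review bot: Excluding `semgrep` through `SAST_EXCLUDED_ANALYZERS` (new line 63) removes an analyzer that covers JavaScript/TypeScript, and because `Security/SAST.gitlab-ci.yml` is included unpinned, which analyzers still scan this Node project depends on the GitLab version serving the template; the `scan` stage can then pass while analysing little or nothing. If the timeout is the only reason, consider keeping semgrep and raising its limit with a job override such as `semgrep-sast:` / `timeout: 2h`, or at least extend the comment to name the analyzers expected to remain and link the timeout report. Separately, `default: before_script: yarn install --immutable` (new lines 17-19) appears to apply to the template's analyzer jobs too, since nothing in this commit overrides it for them. Those analyzer images may not ship yarn, and as far as I recall the template marks its jobs `allow_failure: true`, so a broken scan would show only as a warning. Adding `before_script: []` under `sast:` looks like the fix, to be confirmed against a pipeline run.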