Skip to content
Snippets Groups Projects
Commit 10ad61fb authored by Lyle Hanson's avatar Lyle Hanson
Browse files

Add security scanning jobs

parent 29d8527d
No related branches found
No related tags found
No related merge requests found
Pipeline #137717 passed with warnings
Stage: build
Stage: test
Hide whitespace changes
Inline Side-by-side
Showing
with 38 additions and 3 deletions
.gitlab-ci.yml
+ 38
3
View file @ 10ad61fb
image: maven:3-amazoncorretto-8 image: maven:3-amazoncorretto-8
include:
# Security scanning
- template: Security/SAST.gitlab-ci.yml
- template: Security/Secret-Detection.gitlab-ci.yml
- template: Security/Dependency-Scanning.gitlab-ci.yml
variables: variables:
# This will suppress any download for dependencies and plugins or upload messages which would clutter the console log. # This will suppress any download for dependencies and plugins or upload messages which would clutter the console log.
# `showDateTime` will show the passed time in milliseconds. You need to specify `--batch-mode` to make this work. # `showDateTime` will show the passed time in milliseconds. You need to specify `--batch-mode` to make this work.
...@@ -20,10 +26,39 @@ default: ...@@ -20,10 +26,39 @@ default:
- aws - aws
- docker - docker
test: stages:
stage: test - build
- test
- deploy
build_jar:
stage: build
script: script:
- mvn clean $MAVEN_CLI_OPTS verify - mvn $MAVEN_CLI_OPTS clean verify
artifacts:
paths:
- target
reports:
dotenv: vars.env
# Security scanning jobs
secret_detection:
needs: []
semgrep-sast:
needs: []
gemnasium-maven-dependency_scanning:
variables:
DS_JAVA_VERSION: 8
spotbugs-sast:
needs:
- build_jar
variables:
SAST_JAVA_VERSION: 8
MAVEN_REPO_PATH: $CI_PROJECT_DIR/.m2/repository
COMPILE: "false"
deploy: deploy:
stage: deploy stage: deploy
......
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment