diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index a85008609d5b88e43feb0772e9257bd3b397c24e..5cab3fbca3f244d6f020484aeb3fbf7405ccf435 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -1,6 +1,7 @@ include: # Security scanning - template: Security/SAST.gitlab-ci.yml + - template: Security/SAST-IaC.latest.gitlab-ci.yml - template: Security/Secret-Detection.gitlab-ci.yml - template: Security/Dependency-Scanning.gitlab-ci.yml @@ -27,25 +28,52 @@ default: - docker stages: - - test # GitLab security scanning jobs use the 'test' stage + - build + - test - deploy -test: - stage: test +build_jar: + stage: build + cache: + paths: + - .m2/repository script: - - mvn clean $MAVEN_CLI_OPTS verify + - mvn $MAVEN_CLI_OPTS clean verify artifacts: paths: + - .m2/ + - target/ - uw-spring-security-config/target/dependency-check-report.html - uw-spring-security-core/target/dependency-check-report.html - uw-spring-security-sample-war/target/dependency-check-report.html - uw-spring-security-web/target/dependency-check-report.html - expire_in: 1 year + expire_in: 1 week + +secret_detection: + needs: [] + +semgrep-sast: + needs: [] + +gemnasium-maven-dependency_scanning: + variables: + DS_JAVA_VERSION: 8 + needs: + - build_jar + +spotbugs-sast: + tags: + needs: + - build_jar + variables: + SAST_JAVA_VERSION: 8 + MAVEN_REPO_PATH: $CI_PROJECT_DIR/.m2/repository + COMPILE: "false" deploy: stage: deploy only: - - main + - trunk script: - env - mvn $MAVEN_CLI_OPTS deploy -Pdeploy -X
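Review bot: The added include `Security/SAST-IaC.latest.gitlab-ci.yml` is the only `.latest` template in this list; the three neighbouring scanners use the stable variants. Latest templates may change between GitLab releases, including their job rules, so the IaC scan can start behaving differently after an instance upgrade with no change to this file. If the stable template is available on this instance, prefer `- template: Security/SAST-IaC.gitlab-ci.yml`; otherwise record the exception with a comment such as `# .latest required because <reason>`.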
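Review bot: The `build_jar` artifacts now publish the whole `.m2/` directory and all of `target/`, which is broader than the downstream jobs appear to need. `spotbugs-sast` only points `MAVEN_REPO_PATH` at `$CI_PROJECT_DIR/.m2/repository`, so anything else under `.m2/` would be downloadable by everyone who can read job artifacts. That matters if, for example, a `settings.xml` carrying repository credentials is written there, which this hunk does not show. Narrow the entry to `- .m2/repository/` and check that `target/` contains nothing sensitive before it is shared between jobs. The `.m2/repository` path is also already listed under `cache:`, so it is worth a short comment on why it is additionally passed as an artifact.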