2 files changed +18 -18 lines changed
11variables :
2- SAST_EXCLUDED_ANALYZERS : " semgrep-sast,gosec-sast"
32 DOCKER_DRIVER : overlay2
43
54workflow :
11include :
2- - template : Security/SAST.gitlab-ci.yml
32 - local : ' ui/packages/ce/.gitlab-ci.yml'
43 - local : ' ui/packages/platform/.gitlab-ci.yml'
54
@@ -10,7 +9,7 @@ include:
109 changes :
1110 - ui/**/*
1211
13- check_code_style :
12+ check-code-style :
1413 << : *only_ui
1514 stage : test
1615 image : node:16.13.0
@@ -19,20 +18,22 @@ check_code_style:
1918 - npm --prefix ui/ run lint -w packages/ce
2019 - npm --prefix ui/ run lint -w packages/platform
2120
22- eslint-sast :
23- << : *only_ui
24- extends : .sast-analyzer
25- image :
26- name : " $SAST_ANALYZER_IMAGE"
27- variables :
28- SAST_ANALYZER_IMAGE_TAG : 2
29- SAST_ANALYZER_IMAGE : " $SECURE_ANALYZERS_PREFIX/eslint:$SAST_ANALYZER_IMAGE_TAG"
30-
31- nodejs-scan-sast :
21+ semgrep-sast :
22+ stage : test
23+ image : returntocorp/semgrep
3224 << : *only_ui
33- extends : .sast-analyzer
34- image :
35- name : " $SAST_ANALYZER_IMAGE"
3625 variables :
37- SAST_ANALYZER_IMAGE_TAG : 2
38- SAST_ANALYZER_IMAGE : " $SECURE_ANALYZERS_PREFIX/nodejs-scan:$SAST_ANALYZER_IMAGE_TAG"
26+ # See more at semgrep.dev/explore.
27+ SEMGREP_RULES : >-
28+ p/security-audit
29+ p/secrets
30+ p/default
31+ p/owasp-top-ten
32+ p/javascript
33+ p/react
34+ # Upload findings to GitLab SAST Dashboard:
35+ SEMGREP_GITLAB_JSON : " 1"
36+ script : semgrep ci --gitlab-sast > gl-sast-report.json || true
37+ artifacts :
38+ reports :
39+ sast : gl-sast-report.json
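Review bot: The `|| true` on the new `script` line of `semgrep-sast` hides every non-zero exit, so a scan that crashes or cannot fetch its rule packs still leaves the job green and uploads an empty or truncated `gl-sast-report.json` as if the code were clean. If the intent is only to keep findings from blocking the pipeline, drop `|| true` and set `allow_failure: true` on the job with `when: always` under `artifacts`, so the report is still uploaded and a failed scan shows as a warning instead of a pass. Separately, `image: returntocorp/semgrep` has no tag and so tracks the mutable `latest`, unlike `node:16.13.0` in the job above. Pinning it to a release tag or digest keeps scan results reproducible and limits exposure to a changed upstream image.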