DeveloperDurp/yml
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

update

Browse Source
This commit is contained in:
DeveloperDurp
2024-05-06 06:15:47 -05:00
parent 919aa63a77
commit 945ac257a1
3 changed files with 46 additions and 35 deletions
Download Patch File Download Diff File Expand all files Collapse all files

34
pipelines/go-build.yml
View File

@@ -10,30 +10,11 @@ include:
file: file:
- 'jobs/golang.yml' - 'jobs/golang.yml'
- 'jobs/version.yml' - 'jobs/version.yml'
- 'jobs/sonarqube.yml'
- 'jobs/golang.yml' - 'jobs/golang.yml'
- 'jobs/docker.yml' - 'jobs/docker.yml'
- 'jobs/codescan.yml'
- 'rules/rules.yml' - 'rules/rules.yml'
- 'pipelines/templates/security'
generate_sbom:
extends: .generate_sbom
stage: build
needs:
- job: docker-build
optional: true
artifacts: true
rules:
- !reference [.mr_only_rules, rules]
generate_cve:
extends: .generate_cve
stage: build
needs:
- job: generate_sbom
artifacts: true
rules:
- !reference [.mr_only_rules, rules]
version: version:
extends: .version extends: .version
@@ -41,19 +22,6 @@ version:
rules: rules:
- !reference [.default_rules, rules] - !reference [.default_rules, rules]
secret_detection:
stage: validate
rules:
- !reference [.mr_only_rules, rules]
allow_failure: false
sonarqube:
extends: .sonarcloud-check
stage: validate
allow_failure: true
rules:
- !reference [.sonarqube_rules, rules]
golang-lint: golang-lint:
extends: .golang-lint extends: .golang-lint
stage: validate stage: validate

43
pipelines/templates/security.yml Normal file
View File

@@ -0,0 +1,43 @@
stages:
- build
include:
- template: Security/Secret-Detection.gitlab-ci.yml
- project: 'developerdurp/yml'
ref: 'main'
file:
- 'jobs/codescan.yml'
- 'jobs/sonarqube.yml'
- 'rules/rules.yml'
secret_detection:
stage: validate
rules:
- !reference [.mr_only_rules, rules]
allow_failure: false
generate_sbom:
extends: .generate_sbom
stage: build
needs:
- job: docker-build
optional: true
artifacts: true
rules:
- !reference [.mr_only_rules, rules]
generate_cve:
extends: .generate_cve
stage: build
needs:
- job: generate_sbom
artifacts: true
rules:
- !reference [.mr_only_rules, rules]
sonarqube:
extends: .sonarcloud-check
stage: validate
allow_failure: true
rules:
- !reference [.sonarqube_rules, rules]

4
scripts/scanner/syft-docker.sh
View File

@@ -3,8 +3,8 @@
#Syft scan for docker #Syft scan for docker
for i in packages/*.tar.gz; for i in packages/*.tar.gz;
do filename=${i%.*.tar.gz}; do filename=${i%.*.*.*.tar.gz};
filename="$(basename -- "$filename")" filename="$(basename -- "$filename")"
syft $i -o cyclonedx-json=syft/$filename.docker.sbom.json; syft $i -o cyclonedx-json=syft/$filename.docker.sbom.json;
done done
${version%.*.*.*.tar.gz}