From 5577bfd77e16e45bee70f675c5791f77ba399af2 Mon Sep 17 00:00:00 2001
From: Andreas Romeyke <andreas.romeyke@slub-dresden.de>
Date: Tue, 13 Dec 2022 14:39:03 +0100
Subject: [PATCH] - added analysis

---
 .gitlab-ci.yml | 55 ++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 55 insertions(+)

diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index 7a5649f..16ad0ab 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -16,6 +16,7 @@
 stages:          # List of stages for jobs, and their order of execution
   - build
   - test
+  - analysis
   - packaging
 
 variables:
@@ -27,6 +28,13 @@ variables:
   ARTIFACT_COMPRESSION_LEVEL: "fast"
   CACHE_COMPRESSION_LEVEL: "fast"
 #  CI_DEBUG_TRACE: "true"
+  SAST_DEFAULT_ANALYZERS: "spotbugs"
+  SAST_EXCLUDED_ANALYZERS: ""
+  SAST_JAVA_VERSION: 11
+
+include:
+  - template: Security/SAST.gitlab-ci.yml
+  - template: Security/Secret-Detection.gitlab-ci.yml
 
 default:
   image:
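Review bot: `SAST_JAVA_VERSION: 11` is the only unquoted value in the `variables:` block; the surrounding keys are all quoted strings, so it should be `SAST_JAVA_VERSION: "11"` for consistency and to avoid a bare integer where the CI consumer expects a string. Setting both `SAST_DEFAULT_ANALYZERS: "spotbugs"` and `SAST_EXCLUDED_ANALYZERS: ""` on adjacent lines also looks contradictory: the first restricts the run to SpotBugs while the second excludes nothing, and `SAST_DEFAULT_ANALYZERS` has, as far as I recall, been superseded by `SAST_EXCLUDED_ANALYZERS` in newer template versions — please confirm against the GitLab version in use and keep only the variable that is honoured. A one-line comment above the block naming the intent, e.g. `# Run only the SpotBugs (Java) SAST analyzer; see the spotbugs-sast job below`, would make the choice explicit. The `variables:` block continues outside the hunk.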
@@ -76,6 +84,53 @@ test-job:
     - ROSETTASDK=$ROSETTASDK make -e check_prerequisites
     - ROSETTASDK=$ROSETTASDK make -e test
 
+spotbugs-sast:
+  stage: analysis
+  variables:
+    FAIL_NEVER: 1
+  tags:
+    - cmr
+  artifacts:
+    paths:
+      - gl-sast-report.json
+  rules:
+    - if: '$CI_PIPELINE_SOURCE == "merge_request_event"'
+      when: always
+    - if: '$CI_COMMIT_BRANCH && $CI_OPEN_MERGE_REQUESTS'
+      when: always
+    - if: '$CI_COMMIT_BRANCH == "main"'
+      when: always
+    - when: manual
+      allow_failure: true
+
+secret_detection:
+  stage: analysis
+  tags:
+    - cmr
+  rules:
+    - if: '$CI_PIPELINE_SOURCE == "merge_request_event"'
+      when: always
+    - if: '$CI_COMMIT_BRANCH && $CI_OPEN_MERGE_REQUESTS'
+      when: always
+    - if: '$CI_COMMIT_BRANCH == "main"'
+      when: always
+    - when: manual
+      allow_failure: true
+
+eslint-sast:
+  stage: analysis
+  tags:
+    - cmr
+  rules:
+    - if: '$CI_PIPELINE_SOURCE == "merge_request_event"'
+      when: always
+    - if: '$CI_COMMIT_BRANCH && $CI_OPEN_MERGE_REQUESTS'
+      when: always
+    - if: '$CI_COMMIT_BRANCH == "main"'
+      when: always
+    - when: manual
+      allow_failure: true
+
 
 packaging-job:
   stage: packaging
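Review bot: The `rules:` blocks in `spotbugs-sast`, `secret_detection` and `eslint-sast` replace the templates' own rules wholesale, so the template's opt-out variables (the `*_DISABLED` checks) and, for the SAST jobs, the file-type detection that decides whether an analyzer applies are no longer evaluated; the same `when: always` rule set is repeated three times, which also suggests an anchor or a shared `.analysis-rules` extension so the three jobs cannot drift. For a Java project with `SAST_DEFAULT_ANALYZERS` limited to SpotBugs, overriding `eslint-sast` to run unconditionally on `main` and merge requests seems unintended — please confirm that it is wanted, and otherwise drop that job override. `FAIL_NEVER: 1` on `spotbugs-sast` should be quoted (`FAIL_NEVER: "1"`) to match the file's other variables and deserves a comment stating what it tolerates (my understanding is that it makes the analyzer ignore a failed build, which means a broken compile yields a green job with an empty report rather than a failure — verify and document, e.g. `# FAIL_NEVER: do not fail the job on compilation errors; an empty gl-sast-report.json is then silently accepted`). Finally, `artifacts:` on `spotbugs-sast` adds `gl-sast-report.json` as a plain path; if the merge with the template is not deep, this would displace the template's `reports: sast:` entry and the findings would stop appearing in the security widget, so check the rendered pipeline configuration.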
-- 
GitLab