Commit 697d1c4e authored by GitLab Bot

Add latest changes from gitlab-org/gitlab@master

parent 71ae61f8
...@@ -87,8 +87,8 @@ Use the following job in `.gitlab-ci.yml`. This includes the `artifacts:paths` k ...@@ -87,8 +87,8 @@ Use the following job in `.gitlab-ci.yml`. This includes the `artifacts:paths` k
ruby: ruby:
stage: test stage: test
script: script:
- bundle install - bundle install
- rspec spec/lib/ --format RspecJunitFormatter --out rspec.xml - rspec spec/lib/ --format RspecJunitFormatter --out rspec.xml
artifacts: artifacts:
paths: paths:
- rspec.xml - rspec.xml
...@@ -105,8 +105,8 @@ Use the following job in `.gitlab-ci.yml`: ...@@ -105,8 +105,8 @@ Use the following job in `.gitlab-ci.yml`:
golang: golang:
stage: test stage: test
script: script:
- go get -u github.com/jstemmer/go-junit-report - go get -u github.com/jstemmer/go-junit-report
- go test -v 2>&1 | go-junit-report > report.xml - go test -v 2>&1 | go-junit-report > report.xml
artifacts: artifacts:
reports: reports:
junit: report.xml junit: report.xml
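Review bot: In the `golang` job's script, `go get -u github.com/jstemmer/go-junit-report` installs whatever upstream revision is current each time the job runs, so the documented example has the pipeline execute an unpinned third-party tool. Consider showing the install pinned to a tagged release or commit, or adding a sentence telling readers to pin it, so that copied jobs stay reproducible and are not exposed to an unexpected upstream change.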
...@@ -127,7 +127,7 @@ matching by defining the following path: `build/test-results/test/**/TEST-*.xml` ...@@ -127,7 +127,7 @@ matching by defining the following path: `build/test-results/test/**/TEST-*.xml`
java: java:
stage: test stage: test
script: script:
- gradle test - gradle test
artifacts: artifacts:
reports: reports:
junit: build/test-results/test/**/TEST-*.xml junit: build/test-results/test/**/TEST-*.xml
...@@ -143,7 +143,7 @@ reports, use the following job in `.gitlab-ci.yml`: ...@@ -143,7 +143,7 @@ reports, use the following job in `.gitlab-ci.yml`:
java: java:
stage: test stage: test
script: script:
- mvn verify - mvn verify
artifacts: artifacts:
reports: reports:
junit: junit:
...@@ -160,7 +160,7 @@ for JUnit: ...@@ -160,7 +160,7 @@ for JUnit:
pytest: pytest:
stage: test stage: test
script: script:
- pytest --junitxml=report.xml - pytest --junitxml=report.xml
artifacts: artifacts:
reports: reports:
junit: report.xml junit: report.xml
...@@ -181,7 +181,7 @@ will then be aggregated together. ...@@ -181,7 +181,7 @@ will then be aggregated together.
cpp: cpp:
stage: test stage: test
script: script:
- gtest.exe --gtest_output="xml:report.xml" - gtest.exe --gtest_output="xml:report.xml"
artifacts: artifacts:
reports: reports:
junit: report.xml junit: report.xml
...@@ -210,7 +210,7 @@ Test: ...@@ -210,7 +210,7 @@ Test:
- ./**/*test-result.xml - ./**/*test-result.xml
reports: reports:
junit: junit:
- ./**/*test-result.xml - ./**/*test-result.xml
``` ```
## Limitations ## Limitations
......
...@@ -108,6 +108,23 @@ By default, the DAST template will use the latest major version of the DAST Dock ...@@ -108,6 +108,23 @@ By default, the DAST template will use the latest major version of the DAST Dock
you can choose to automatically update DAST with new features and fixes by pinning to a major version (e.g. 1), only update fixes by pinning to a minor version (e.g. 1.6) or prevent all updates by pinning to a specific version (e.g. 1.6.4). you can choose to automatically update DAST with new features and fixes by pinning to a major version (e.g. 1), only update fixes by pinning to a minor version (e.g. 1.6) or prevent all updates by pinning to a specific version (e.g. 1.6.4).
Find the latest DAST versions on the [Releases](https://gitlab.com/gitlab-org/security-products/dast/-/releases) page. Find the latest DAST versions on the [Releases](https://gitlab.com/gitlab-org/security-products/dast/-/releases) page.
### When DAST scans run
When using `DAST.gitlab-ci.yml` template, the `dast` job is run last as shown in the example below. To ensure DAST is scanning the latest code, your CI pipeline should deploy changes to the web server in one of the jobs preceeding the `dast` job.
```yaml
stages:
- build
- test
- deploy
- dast
```
Be aware that if your pipeline is configured to deploy to the same webserver in each run, running a pipeline while another is still running, could cause a race condition
where one pipeline overwrites the code from another pipeline. The site to be scanned should be excluded from changes for the duration of a DAST scan.
The only changes to the site should be from the DAST scanner. Be aware that any changes that users, scheduled tasks, database or code changes, other pipelines, or other scanners make to
the site during a scan could lead to inaccurate results.
### Authenticated scan ### Authenticated scan
It's also possible to authenticate the user before performing the DAST checks: It's also possible to authenticate the user before performing the DAST checks:
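Review bot: The race-condition paragraph in the new "When DAST scans run" section says the site "should be excluded from changes for the duration of a DAST scan" but gives readers no way to achieve that; suggest adding a sentence on how to keep deployments to the scanned server from overlapping, for example a dedicated environment per pipeline or serialized deploys. Wording nits in the same section: "preceeding" should be "preceding", "When using `DAST.gitlab-ci.yml` template" is missing "the", the comma after "while another is still running" should be dropped, and the two consecutive "Be aware" sentences could be merged into one.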
......
...@@ -2,7 +2,7 @@ ...@@ -2,7 +2,7 @@
module QA module QA
context 'Configure' do context 'Configure' do
describe 'Kubernetes Cluster Integration', :orchestrated, :kubernetes, :requires_admin do describe 'Kubernetes Cluster Integration', :orchestrated, :kubernetes, :requires_admin, quarantine: { type: :new } do
context 'Project Clusters' do context 'Project Clusters' do
let(:cluster) { Service::KubernetesCluster.new(provider_class: Service::ClusterProvider::K3s).create! } let(:cluster) { Service::KubernetesCluster.new(provider_class: Service::ClusterProvider::K3s).create! }
let(:project) do let(:project) do
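Review bot: On the `describe 'Kubernetes Cluster Integration'` line, `quarantine: { type: :new }` now applies to the whole group instead of a single example, and nothing in the visible lines states why or links an issue. Suggest adding an issue reference or a short comment with the reason, and confirming that every example under this `describe` is meant to be quarantined.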
...@@ -20,7 +20,7 @@ module QA ...@@ -20,7 +20,7 @@ module QA
cluster.remove! cluster.remove!
end end
it 'can create and associate a project cluster', :smoke, quarantine: { type: :new } do it 'can create and associate a project cluster', :smoke do
Resource::KubernetesCluster.fabricate_via_browser_ui! do |k8s_cluster| Resource::KubernetesCluster.fabricate_via_browser_ui! do |k8s_cluster|
k8s_cluster.project = project k8s_cluster.project = project
k8s_cluster.cluster = cluster k8s_cluster.cluster = cluster
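Review bot: The `it 'can create and associate a project cluster'` example keeps `:smoke` while its enclosing `describe` is quarantined in this same commit, so the spec no longer makes clear whether this example is still expected to run as part of the smoke suite. If the group-level quarantine is meant to cover it, say so in a comment; if not, the quarantine should stay scoped to the examples that need it.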
......