Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Support
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
G
gitlab-ce
Project overview
Project overview
Details
Activity
Releases
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Issues
0
Issues
0
List
Boards
Labels
Milestones
Merge Requests
1
Merge Requests
1
Analytics
Analytics
Repository
Value Stream
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Create a new issue
Commits
Issue Boards
Open sidebar
nexedi
gitlab-ce
Commits
48698a62
Commit
48698a62
authored
Oct 13, 2021
by
Philippe Lafoucrière
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
Clean-up secure jobs config
parent
1e6a860a
Changes
1
Hide whitespace changes
Inline
Side-by-side
Showing
1 changed file
with
1 addition
and
14 deletions
+1
-14
.gitlab/ci/reports.gitlab-ci.yml
.gitlab/ci/reports.gitlab-ci.yml
+1
-14
No files found.
.gitlab/ci/reports.gitlab-ci.yml
View file @
48698a62
...
...
@@ -32,11 +32,9 @@ code_quality:
brakeman-sast
:
rules
:
!reference
[
"
.reports:rules:brakeman-sast"
,
rules
]
allow_failure
:
true
semgrep-sast
:
rules
:
!reference
[
"
.reports:rules:semgrep-sast"
,
rules
]
allow_failure
:
true
gosec-sast
:
variables
:
...
...
@@ -53,7 +51,6 @@ gosec-sast:
paths
:
-
vendor/go
rules
:
!reference
[
"
.reports:rules:gosec-sast"
,
rules
]
allow_failure
:
true
.secret-analyzer
:
extends
:
.default-retry
...
...
@@ -65,7 +62,6 @@ gosec-sast:
secret_detection
:
rules
:
!reference
[
"
.reports:rules:secret_detection"
,
rules
]
allow_failure
:
true
.ds-analyzer
:
# We need to re-`extends` from `dependency_scanning` as the `extends` here overrides the one from the template.
...
...
@@ -75,6 +71,7 @@ secret_detection:
needs
:
[]
variables
:
DS_EXCLUDED_PATHS
:
"
qa/qa/ee/fixtures/secure_premade_reports,
spec,
ee/spec,
tmp"
# GitLab-specific
DS_EXCLUDED_ANALYZERS
:
"
gemnasium-maven"
artifacts
:
paths
:
-
gl-dependency-scanning-report.json
# GitLab-specific
...
...
@@ -84,25 +81,16 @@ gemnasium-dependency_scanning:
before_script
:
# git-lfs is needed for auto-remediation
-
apk add git-lfs
after_script
:
# Post-processing
-
apk add jq
# Lower execa severity based on https://gitlab.com/gitlab-org/gitlab/-/issues/223859#note_452922390
-
jq '(.vulnerabilities[] | select (.cve == "yarn.lock:execa:gemnasium:05cfa2e8-2d0c-42c1-8894-638e2f12ff3d")).severity = "Medium"' gl-dependency-scanning-report.json > temp.json && mv temp.json gl-dependency-scanning-report.json
rules
:
!reference
[
"
.reports:rules:gemnasium-dependency_scanning"
,
rules
]
allow_failure
:
true
bundler-audit-dependency_scanning
:
rules
:
!reference
[
"
.reports:rules:bundler-audit-dependency_scanning"
,
rules
]
allow_failure
:
true
retire-js-dependency_scanning
:
rules
:
!reference
[
"
.reports:rules:retire-js-dependency_scanning"
,
rules
]
allow_failure
:
true
gemnasium-python-dependency_scanning
:
rules
:
!reference
[
"
.reports:rules:gemnasium-python-dependency_scanning"
,
rules
]
allow_failure
:
true
# Analyze dependencies for malicious behavior
# See https://gitlab.com/gitlab-com/gl-security/security-research/package-hunter
...
...
@@ -150,4 +138,3 @@ license_scanning:
artifacts
:
expire_in
:
1 week
# GitLab-specific
rules
:
!reference
[
"
.reports:rules:license_scanning"
,
rules
]
allow_failure
:
true
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment