Added Qualys IaC Security template

Changelog: added

Added Qualys IaC Security template
Changelog: added
6fc4eae5 · Mahesh Bachhav · Marcel Amirault · 1ba3d52a · 6fc4eae5 · 6fc4eae5
Commit 6fc4eae5 authored Feb 02, 2022 by Mahesh Bachhav Committed by Marcel Amirault Feb 02, 2022
6 changed files
--- a/config/metrics/counts_28d/20210216184559_ci_templates_total_unique_counts_monthly.yml
+++ b/config/metrics/counts_28d/20210216184559_ci_templates_total_unique_counts_monthly.yml
@@ -162,6 +162,7 @@ options:
  - p_ci_templates_implicit_security_dast
  - p_ci_templates_implicit_security_cluster_image_scanning
  - p_ci_templates_kaniko
+  - p_ci_templates_qualys_iac_security
 distribution:
 - ce
 - ee

--- a/config/metrics/counts_28d/20220119153911_p_ci_templates_qualys_iac_security_monthly.yml
+++ b/config/metrics/counts_28d/20220119153911_p_ci_templates_qualys_iac_security_monthly.yml
+---
+key_path: redis_hll_counters.ci_templates.p_ci_templates_qualys_iac_security_monthly
+description: ""
+product_section: ""
+product_stage: ""
+product_group: ""
+product_category: ""
+value_type: number
+status: active
+milestone: "14.7"
+introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/77362
+time_frame: 28d
+data_source: redis_hll
+data_category: optional
+instrumentation_class: RedisHLLMetric
+performance_indicator_type: []
+distribution:
+- ce
+- ee
+tier:
+- free
+- premium
+- ultimate
+options:
+  events:
+    - p_ci_templates_qualys_iac_security
--- a/config/metrics/counts_7d/20210216184557_ci_templates_total_unique_counts_weekly.yml
+++ b/config/metrics/counts_7d/20210216184557_ci_templates_total_unique_counts_weekly.yml
@@ -162,6 +162,7 @@ options:
  - p_ci_templates_implicit_security_dast
  - p_ci_templates_implicit_security_cluster_image_scanning
  - p_ci_templates_kaniko
+  - p_ci_templates_qualys_iac_security
 distribution:
 - ce
 - ee

--- a/config/metrics/counts_7d/20220119153904_p_ci_templates_qualys_iac_security_weekly.yml
+++ b/config/metrics/counts_7d/20220119153904_p_ci_templates_qualys_iac_security_weekly.yml
+---
+key_path: redis_hll_counters.ci_templates.p_ci_templates_qualys_iac_security_weekly
+description: ""
+product_section: ""
+product_stage: ""
+product_group: ""
+product_category: ""
+value_type: number
+status: active
+milestone: "14.7"
+introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/77362
+time_frame: 7d
+data_source: redis_hll
+data_category: optional
+instrumentation_class: RedisHLLMetric
+performance_indicator_type: []
+distribution:
+- ce
+- ee
+tier:
+- free
+- premium
+- ultimate
+options:
+  events:
+    - p_ci_templates_qualys_iac_security
--- a/lib/gitlab/ci/templates/Qualys-IaC-Security.gitlab-ci.yml
+++ b/lib/gitlab/ci/templates/Qualys-IaC-Security.gitlab-ci.yml
+# This template is provided and maintained by Qualys Inc., an official Technology Partner with GitLab.
+# See https://about.gitlab.com/partners/technology-partners/#security for more information.
+#
+# This template shows how to use Qualys IaC Scan with a GitLab CI/CD pipeline.
+# Qualys and GitLab users can use this to scan their IaC templates for misconfigurations.
+# Documentation about this integration: https://www.qualys.com/documentation/qualys-iac-gitlab-integration.pdf
+#
+# This template should not need editing to work in your project.
+# It is not designed to be included in an existing CI/CD configuration with the "include:" keyword.
+#
+# The `qualys_iac_sast` job runs for branch (push) pipelines, including scheduled
+# and manually run branch pipelines.
+#
+# The sast-report output complies with GitLab's format. This report displays Qualys IaC Scan's
+# results in the Security tab in the pipeline view, if you have that feature enabled (GitLab Ultimate only).
+# The Qualys IaC Scan output is available in the Jobs tab in the pipeline view.
+#
+# Requirements:
+# Before you can use this template, add the following CI/CD variables to your
+# project CI/CD settings:
+#
+# - QUALYS_URL: The Qualys guard URL.
+# - QUALYS_USERNAME: The Qualys username.
+# - QUALYS_PASSWORD: The Qualys password. Make this variable masked.
+# - BREAK_ON_ERROR: (optional) If you don't want the pipeline to fail on an error,
+#                   then add this variable and set it to "false". Otherwise set it
+#                   to "true", or omit the variable.
+
+stages:
+  - build
+  - test
+  - qualys_iac_scan
+  - deploy
+
+qualys_iac_sast:
+  stage: qualys_iac_scan
+  image:
+    name: qualys/qiac_security_cli:latest
+    entrypoint: [""]
+  script:
+    - sh /home/qiac/gitlab.sh
+  artifacts:
+    name: "qualys-iac-sast-artifacts"
+    paths:
+      - qualys_iac_ci_result.json
+    reports:
+      sast: gl-sast-qualys-iac-ci-report.json
--- a/lib/gitlab/usage_data_counters/known_events/ci_templates.yml
+++ b/lib/gitlab/usage_data_counters/known_events/ci_templates.yml
@@ -151,6 +151,10 @@
  category: ci_templates
  redis_slot: ci_templates
  aggregation: weekly
+- name: p_ci_templates_qualys_iac_security
+  category: ci_templates
+  redis_slot: ci_templates
+  aggregation: weekly
 - name: p_ci_templates_ios_fastlane
  category: ci_templates
  redis_slot: ci_templates