Commit c9bb2be8 authored by Craig Smith's avatar Craig Smith

Separate on-demand scan template from DAST template

parent d607ea70
......@@ -17,13 +17,10 @@ module Ci
def self.ci_template_raw
<<~YAML
include:
- template: DAST.gitlab-ci.yml
stages:
- dast
dast:
rules:
- when: always
include:
- template: DAST-On-Demand-Scan.gitlab-ci.yml
YAML
end
......
---
title: Separate on-demand scan template from DAST template
merge_request: 48088
author:
type: changed
......@@ -23,15 +23,6 @@ RSpec.describe Ci::RunDastScanService do
it 'has only one stage' do
expect(described_class.ci_template['stages']).to eq(['dast'])
end
it 'has one rule is always true' do
rules = described_class.ci_template['dast']['rules']
aggregate_failures do
expect(rules.size).to eq(1)
expect(rules).to include('when' => 'always')
end
end
end
describe '#execute' do
......@@ -96,8 +87,6 @@ RSpec.describe Ci::RunDastScanService do
'name' => '$SECURE_ANALYZERS_PREFIX/dast:$DAST_VERSION'
},
'script' => [
'export DAST_WEBSITE=${DAST_WEBSITE:-$(cat environment_url.txt)}',
'if [ -z "$DAST_WEBSITE$DAST_API_SPECIFICATION" ]; then echo "Either DAST_WEBSITE or DAST_API_SPECIFICATION must be set. See https://docs.gitlab.com/ee/user/application_security/dast/#configuration for more details." && exit 1; fi',
'/analyze'
],
'artifacts' => {
......
stages:
- build
- test
- deploy
- dast
variables:
DAST_VERSION: 1
# Setting this variable will affect all Security templates
# (SAST, Dependency Scanning, ...)
SECURE_ANALYZERS_PREFIX: "registry.gitlab.com/gitlab-org/security-products/analyzers"
dast:
stage: dast
image:
name: "$SECURE_ANALYZERS_PREFIX/dast:$DAST_VERSION"
variables:
GIT_STRATEGY: none
allow_failure: true
script:
- /analyze
artifacts:
reports:
dast: gl-dast-report.json
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment