Merge branch 'da/add-yarn-audit-ci-job' into 'master'

Add Yarn Audit CI Job See merge request gitlab-org/gitlab!73158

Merge branch 'da/add-yarn-audit-ci-job' into 'master'
Add Yarn Audit CI Job See merge request gitlab-org/gitlab!73158
daebde1b · Rémy Coutable · d88b0ed8 · 0ebf0c4f · daebde1b · daebde1b
Commit daebde1b authored Nov 09, 2021 by Rémy Coutable
Hide whitespace changes
Inline Side-by-side

Showing with 14 additions and 0 deletions

.gitlab/ci/reports.gitlab-ci.yml .gitlab/ci/reports.gitlab-ci.yml +7 -0

.gitlab/ci/rules.gitlab-ci.yml .gitlab/ci/rules.gitlab-ci.yml +7 -0

No files found.
--- a/.gitlab/ci/reports.gitlab-ci.yml
+++ b/.gitlab/ci/reports.gitlab-ci.yml
@@ -96,6 +96,13 @@ retire-js-dependency_scanning:
 gemnasium-python-dependency_scanning:
  rules: !reference [".reports:rules:gemnasium-python-dependency_scanning", rules]

+yarn-audit-dependency_scanning:
+  extends: .ds-analyzer
+  image: "registry.gitlab.com/gitlab-org/security-products/analyzers/npm-audit:1.4.0"
+  variables:
+    TOOL: yarn
+  rules: !reference [".reports:rules:yarn-audit-dependency_scanning", rules]
+
 # Analyze dependencies for malicious behavior
 # See https://gitlab.com/gitlab-com/gl-security/security-research/package-hunter
 .package_hunter-base:

--- a/.gitlab/ci/rules.gitlab-ci.yml
+++ b/.gitlab/ci/rules.gitlab-ci.yml
@@ -167,6 +167,7 @@

 .nodejs-patterns: &nodejs-patterns
  - '{package.json,*/package.json,*/*/package.json}'
+  - '{yarn.lock,*/yarn.lock,*/*/yarn.lock}'

 .python-patterns: &python-patterns
  - '{requirements.txt,*/requirements.txt,*/*/requirements.txt}'
@@ -1483,6 +1484,12 @@
      when: never
    - changes: *python-patterns

+.reports:rules:yarn-audit-dependency_scanning:
+  rules:
+    - if: '$DEPENDENCY_SCANNING_DISABLED || $GITLAB_FEATURES !~ /\bdependency_scanning\b/'
+      when: never
+    - changes: *nodejs-patterns
+
 .reports:rules:schedule-dast:
  rules:
    - if: '$DAST_DISABLED || $GITLAB_FEATURES !~ /\bdast\b/'