Git-Mirrors/veilid
1
0
Fork 0
mirror of https://gitlab.com/veilid/veilid.git synced 2025-03-13 01:16:47 -04:00
Code Issues Packages Projects Releases Wiki Activity

Adding Semgrep to CI

Browse Source
This commit is contained in:
TC 2024-12-25 04:49:13 +00:00
parent 1387c512ce
commit 2cf82dd7b8
1 changed files with 34 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

34
.gitlab-ci.yml
View File

@ -93,6 +93,40 @@ test_build:
- if: $CI_PIPELINE_SOURCE == "push" - if: $CI_PIPELINE_SOURCE == "push"
- if: $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH - if: $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH
semgrep:
# A Docker image with Semgrep installed.
image: semgrep/semgrep
rules:
# Scan changed files in MRs, (diff-aware scanning):
- if: $CI_MERGE_REQUEST_IID
# Scan mainline (default) branches and report all findings.
- if: $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH
variables:
# Connect to Semgrep AppSec Platform through your SEMGREP_APP_TOKEN.
# Generate a token from Semgrep AppSec Platform > Settings
# and add it as a variable in your GitLab CI/CD project settings.
SEMGREP_APP_TOKEN: $SEMGREP_APP_TOKEN
# Upload findings to GitLab SAST Dashboard:
SEMGREP_GITLAB_JSON: "1"
# Other optional settings in the `variables` block:
# Receive inline MR comments (requires Semgrep AppSec Platform account)
# Setup instructions:
# https://semgrep.dev/docs/semgrep-appsec-platform/gitlab-mr-comments
# GITLAB_TOKEN: $PAT
# Run the "semgrep ci" command on the command line of the docker image and send findings
# to GitLab SAST.
script: semgrep ci --gitlab-sast > gl-sast-report.json || true
artifacts:
reports:
sast: gl-sast-report.json
# Actual release -- triggered by pushing a new version tag # Actual release -- triggered by pushing a new version tag
release_job: release_job: