syncmaster-ui/.gitlab-ci.yml at develop · MTSWebServices/syncmaster-ui · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
stages:
  - sbom
  - security-scan


## -------------- Security Pipeline ---------------- ##
sbom-creation:
  stage: sbom
  rules:
    - if: $CI_PIPELINE_SOURCE == "web"
      when: always
    - if: $CI_COMMIT_REF_NAME == $CI_DEFAULT_BRANCH
      when: always
    - when: never
  image:
    name: ${SBOM_IMAGE}
    entrypoint: ['']
  script:
    - yarn config set npmRegistryServer $NPM_REGISTRY
    - yarn dlx @cyclonedx/yarn-plugin-cyclonedx --output-file sbom.cyclonedx.json
  artifacts:
    paths:
      - sbom.cyclonedx.json
    expire_in: 1 days

security-scan:
  variables:
    APPSECHUB_PARENT_PIPELINE_ID: $CI_PIPELINE_ID
    APPSECHUB_SCA_SBOM_GENERATOR: custom
    APPSECHUB_SBOM_PATH: sbom.cyclonedx.json
    APPSECHUB_SBOM_MASK: '*bom*.json'
    CUSTOM_SBOM_GENERATOR_JOB_NAME: sbom-creation
  rules:
    - if: $CI_COMMIT_REF_NAME == $CI_DEFAULT_BRANCH
      when: always
    - if: $CI_PIPELINE_SOURCE == "web"
      when: always
    - when: never
  stage: security-scan
  trigger:
    include:
      - project: 'devsecops3000Pro/public/pipelines/security-pipeline'
        file: 'security_pipeline.yaml'
        ref: 'master'
    forward:
      pipeline_variables: true
      yaml_variables: true