debian-mirror-gitlab/lib/gitlab/ci/templates/Qualys-IaC-Security.gitlab-ci.yml

49 lines
2 KiB
YAML
Raw Normal View History

2022-04-04 11:22:00 +05:30
# This template is provided and maintained by Qualys Inc., an official Technology Partner with GitLab.
# See https://about.gitlab.com/partners/technology-partners/#security for more information.
#
# This template shows how to use Qualys IaC Scan with a GitLab CI/CD pipeline.
# Qualys and GitLab users can use this to scan their IaC templates for misconfigurations.
2022-07-16 23:28:13 +05:30
# The IaC templates are uploaded to Qualys Platform for scanning, which returns the results to GitLab for reporting.
# Documentation about this integration: https://www.qualys.com/docs/qualys-iac-security-integration-gitlab.pdf
2022-04-04 11:22:00 +05:30
#
# This template should not need editing to work in your project.
# It is not designed to be included in an existing CI/CD configuration with the "include:" keyword.
#
# The `qualys_iac_sast` job runs for branch (push) pipelines, including scheduled
# and manually run branch pipelines.
#
# The sast-report output complies with GitLab's format. This report displays Qualys IaC Scan's
# results in the Security tab in the pipeline view, if you have that feature enabled (GitLab Ultimate only).
# The Qualys IaC Scan output is available in the Jobs tab in the pipeline view.
#
# Requirements:
# Before you can use this template, add the following CI/CD variables to your
# project CI/CD settings:
#
# - QUALYS_URL: The Qualys guard URL.
# - QUALYS_USERNAME: The Qualys username.
# - QUALYS_PASSWORD: The Qualys password. Make this variable masked.
# - BREAK_ON_ERROR: (optional) If you don't want the pipeline to fail on an error,
# then add this variable and set it to "false". Otherwise set it
# to "true", or omit the variable.
stages:
- build
- test
- qualys_iac_scan
- deploy
qualys_iac_sast:
stage: qualys_iac_scan
image:
name: qualys/qiac_security_cli:latest
entrypoint: [""]
script:
- sh /home/qiac/gitlab.sh
artifacts:
name: "qualys-iac-sast-artifacts"
paths:
- qualys_iac_ci_result.json
reports:
sast: gl-sast-qualys-iac-ci-report.json