65 lines
1.8 KiB
YAML
65 lines
1.8 KiB
YAML
# Read more about this feature here: https://docs.gitlab.com/ee/user/project/merge_requests/dast.html
|
|
|
|
# Configure the scanning tool through the environment variables.
|
|
# List of the variables: https://gitlab.com/gitlab-org/security-products/dast#settings
|
|
# How to set: https://docs.gitlab.com/ee/ci/yaml/#variables
|
|
|
|
stages:
|
|
- build
|
|
- test
|
|
- deploy
|
|
- dast
|
|
|
|
dast:
|
|
stage: dast
|
|
image: docker:stable
|
|
variables:
|
|
DOCKER_DRIVER: overlay2
|
|
allow_failure: true
|
|
services:
|
|
- docker:stable-dind
|
|
script:
|
|
- export DAST_WEBSITE=${DAST_WEBSITE:-$(cat environment_url.txt)}
|
|
- export DAST_VERSION=${SP_VERSION:-$(echo "$CI_SERVER_VERSION" | sed 's/^\([0-9]*\)\.\([0-9]*\).*/\1-\2-stable/')}
|
|
- |
|
|
if ! docker info &>/dev/null; then
|
|
if [ -z "$DOCKER_HOST" -a "$KUBERNETES_PORT" ]; then
|
|
export DOCKER_HOST='tcp://localhost:2375'
|
|
fi
|
|
fi
|
|
- |
|
|
function dast_run() {
|
|
docker run \
|
|
--env DAST_FULL_SCAN_ENABLED \
|
|
--env DAST_TARGET_AVAILABILITY_TIMEOUT \
|
|
--volume "$PWD:/output" \
|
|
--volume /var/run/docker.sock:/var/run/docker.sock \
|
|
-w /output \
|
|
"registry.gitlab.com/gitlab-org/security-products/dast:$DAST_VERSION" \
|
|
/analyze -t $DAST_WEBSITE \
|
|
"$@"
|
|
}
|
|
- |
|
|
if [ -n "$DAST_AUTH_URL" ]
|
|
then
|
|
dast_run \
|
|
--auth-url $DAST_AUTH_URL \
|
|
--auth-username $DAST_USERNAME \
|
|
--auth-password $DAST_PASSWORD \
|
|
--auth-username-field $DAST_USERNAME_FIELD \
|
|
--auth-password-field $DAST_PASSWORD_FIELD \
|
|
--auth-exclude-urls $DAST_AUTH_EXCLUDE_URLS
|
|
else
|
|
dast_run
|
|
fi
|
|
artifacts:
|
|
reports:
|
|
dast: gl-dast-report.json
|
|
only:
|
|
refs:
|
|
- branches
|
|
variables:
|
|
- $GITLAB_FEATURES =~ /\bdast\b/
|
|
except:
|
|
variables:
|
|
- $DAST_DISABLED
|