Configure SAST in .gitlab-ci.yml, creating this file if it does not already exist

2025-07-16 01:28:48 +02:00 · 2025-04-23 12:04:02 +02:00
parent 132c5f74d6
commit 6441fd5340
1 changed files with 54 additions and 66 deletions
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@ -1,114 +1,102 @@
-#Calendar implementation for the HTWK Leipzig timetable. Evaluation and display of the individual dates in iCal format.
-#Copyright (C) 2024 HTWKalender support@htwkalender.de
-
-#This program is free software: you can redistribute it and/or modify
-#it under the terms of the GNU Affero General Public License as published by
-#the Free Software Foundation, either version 3 of the License, or
-#(at your option) any later version.
-
-#This program is distributed in the hope that it will be useful,
-#but WITHOUT ANY WARRANTY; without even the implied warranty of
-#MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-#GNU Affero General Public License for more details.
-
-#You should have received a copy of the GNU Affero General Public License
-#along with this program.  If not, see <https://www.gnu.org/licenses/>.
+# You can override the included template(s) by including variable overrides
+# SAST customization: https://docs.gitlab.com/ee/user/application_security/sast/#customizing-the-sast-settings
+# Secret Detection customization: https://docs.gitlab.com/ee/user/application_security/secret_detection/pipeline/#customization
+# Dependency Scanning customization: https://docs.gitlab.com/ee/user/application_security/dependency_scanning/#customizing-the-dependency-scanning-settings
+# Container Scanning customization: https://docs.gitlab.com/ee/user/application_security/container_scanning/#customizing-the-container-scanning-settings
+# Note that environment variables can be set in several places
+# See https://docs.gitlab.com/ee/ci/variables/#cicd-variable-precedence
 stages:
-  - lint
-  - sonarqube-check
-  - test
-  - build
-  - package
-  - deploy
-
+- lint
+- sonarqube-check
+- test
+- build
+- package
+- deploy
 lint-frontend:
  image: node:lts
  stage: lint
  script:
-    - cd frontend
-    - npm i
-    - npm run lint-no-fix
+  - cd frontend
+  - npm i
+  - npm run lint-no-fix
  rules:
-    - changes:
-      - frontend/**/*
-
+  - changes:
+    - frontend/**/*
 lint-data-manager:
  stage: lint
  image: golangci/golangci-lint:latest
  script:
-    - cd services/data-manager
-    - go mod download
-    - golangci-lint --version
-    - golangci-lint run -v --skip-dirs=migrations --timeout=5m
+  - cd services/data-manager
+  - go mod download
+  - golangci-lint --version
+  - golangci-lint run -v --skip-dirs=migrations --timeout=5m
  rules:
-    - changes:
-      - services/data-manager/**/*
-
+  - changes:
+    - services/data-manager/**/*
 lint-ical:
  stage: lint
  image: golangci/golangci-lint:latest
  script:
-    - cd services/ical
-    - go mod download
-    - golangci-lint --version
-    - golangci-lint run -v --skip-dirs=migrations --timeout=5m
+  - cd services/ical
+  - go mod download
+  - golangci-lint --version
+  - golangci-lint run -v --skip-dirs=migrations --timeout=5m
  rules:
-    - changes:
-      - services/ical/**/*
-
+  - changes:
+    - services/ical/**/*
 sonarqube-data-manager:
  stage: sonarqube-check
  tags:
-    - imn
+  - imn
  image:
    name: sonarsource/sonar-scanner-cli:5.0
    entrypoint:
-      - ''
+    - ''
  variables:
    SONAR_USER_HOME: "${CI_PROJECT_DIR}/.sonar"
    GIT_DEPTH: '0'
  cache:
    key: "${CI_JOB_NAME}"
    paths:
-      - ".sonar/cache"
+    - ".sonar/cache"
  script:
-    - cd services/data-manager
-    - sonar-scanner
+  - cd services/data-manager
+  - sonar-scanner
  allow_failure: true
  rules:
-    - if: '$CI_PIPELINE_SOURCE == "merge_request_event"'
-    - if: '$CI_COMMIT_REF_NAME == "master" || $CI_COMMIT_REF_NAME == "main" || $CI_COMMIT_REF_NAME == "develop"'
-
+  - if: $CI_PIPELINE_SOURCE == "merge_request_event"
+  - if: $CI_COMMIT_REF_NAME == "master" || $CI_COMMIT_REF_NAME == "main" || $CI_COMMIT_REF_NAME
+      == "develop"
 test-data-manager:
  image: golang:alpine
  stage: test
  script:
-    - cd services/data-manager
-    - go test -v ./...
+  - cd services/data-manager
+  - go test -v ./...
  rules:
-    - changes:
-      - services/data-manager/**/*
-
+  - changes:
+    - services/data-manager/**/*
 test-ical:
  image: golang:alpine
  stage: test
  script:
-    - cd services/ical
-    - go test -v ./...
+  - cd services/ical
+  - go test -v ./...
  rules:
-    - changes:
-      - services/ical/**/*
-
+  - changes:
+    - services/ical/**/*
 test-frontend:
  image: node:lts
  stage: test
  script:
-    - cd frontend
-    - npm i
-    - npm run test
+  - cd frontend
+  - npm i
+  - npm run test
  dependencies:
  - lint-frontend
-
 include:
-  - local: 'charts/ci-build-deploy.yml'
-  - template: Security/Dependency-Scanning.gitlab-ci.yml
+- local: charts/ci-build-deploy.yml
+- template: Security/Dependency-Scanning.gitlab-ci.yml
+- template: Security/SAST.gitlab-ci.yml
+sast:
+  stage: test