From 6441fd5340ddf2ffd35965fa652cf37e2430b345 Mon Sep 17 00:00:00 2001
From: Elmar Kresse
Date: Wed, 23 Apr 2025 12:04:02 +0200
Subject: [PATCH] Configure SAST in `.gitlab-ci.yml`, creating this file if it does not already exist
---
 .gitlab-ci.yml | 120 ++++++++++++++++++++++---------------------------
 1 file changed, 54 insertions(+), 66 deletions(-)
diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index f1f409f..03becbd 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -1,114 +1,102 @@ -#Calendar implementation for the HTWK Leipzig timetable. Evaluation and display of the individual dates in iCal format. -#Copyright (C) 2024 HTWKalender support@htwkalender.de - -#This program is free software: you can redistribute it and/or modify -#it under the terms of the GNU Affero General Public License as published by -#the Free Software Foundation, either version 3 of the License, or -#(at your option) any later version. - -#This program is distributed in the hope that it will be useful, -#but WITHOUT ANY WARRANTY; without even the implied warranty of -#MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -#GNU Affero General Public License for more details. - -#You should have received a copy of the GNU Affero General Public License -#along with this program. If not, see . +# You can override the included template(s) by including variable overrides +# SAST customization: https://docs.gitlab.com/ee/user/application_security/sast/#customizing-the-sast-settings +# Secret Detection customization: https://docs.gitlab.com/ee/user/application_security/secret_detection/pipeline/#customization +# Dependency Scanning customization: https://docs.gitlab.com/ee/user/application_security/dependency_scanning/#customizing-the-dependency-scanning-settings +# Container Scanning customization: https://docs.gitlab.com/ee/user/application_security/container_scanning/#customizing-the-container-scanning-settings +# Note that environment variables can be set in several places +# See https://docs.gitlab.com/ee/ci/variables/#cicd-variable-precedence stages: - - lint - - sonarqube-check - - test - - build - - package - - deploy - +- lint +- sonarqube-check +- test +- build +- package +- deploy lint-frontend: image: node:lts stage: lint script: - - cd frontend - - npm i - - npm run lint-no-fix + - cd frontend + - npm i + - npm run lint-no-fix rules: - - changes: - - frontend/**/* - + - changes: + - frontend/**/* lint-data-manager: stage: lint image: 
golangci/golangci-lint:latest script: - - cd services/data-manager - - go mod download - - golangci-lint --version - - golangci-lint run -v --skip-dirs=migrations --timeout=5m + - cd services/data-manager + - go mod download + - golangci-lint --version + - golangci-lint run -v --skip-dirs=migrations --timeout=5m rules: - - changes: - - services/data-manager/**/* - + - changes: + - services/data-manager/**/* lint-ical: stage: lint image: golangci/golangci-lint:latest script: - - cd services/ical - - go mod download - - golangci-lint --version - - golangci-lint run -v --skip-dirs=migrations --timeout=5m + - cd services/ical + - go mod download + - golangci-lint --version + - golangci-lint run -v --skip-dirs=migrations --timeout=5m rules: - - changes: - - services/ical/**/* - + - changes: + - services/ical/**/* sonarqube-data-manager: stage: sonarqube-check tags: - - imn + - imn image: name: sonarsource/sonar-scanner-cli:5.0 entrypoint: - - '' + - '' variables: SONAR_USER_HOME: "${CI_PROJECT_DIR}/.sonar" GIT_DEPTH: '0' cache: key: "${CI_JOB_NAME}" paths: - - ".sonar/cache" + - ".sonar/cache" script: - - cd services/data-manager - - sonar-scanner + - cd services/data-manager + - sonar-scanner allow_failure: true rules: - - if: '$CI_PIPELINE_SOURCE == "merge_request_event"' - - if: '$CI_COMMIT_REF_NAME == "master" || $CI_COMMIT_REF_NAME == "main" || $CI_COMMIT_REF_NAME == "develop"' - + - if: $CI_PIPELINE_SOURCE == "merge_request_event" + - if: $CI_COMMIT_REF_NAME == "master" || $CI_COMMIT_REF_NAME == "main" || $CI_COMMIT_REF_NAME + == "develop" test-data-manager: image: golang:alpine stage: test script: - - cd services/data-manager - - go test -v ./... + - cd services/data-manager + - go test -v ./... rules: - - changes: - - services/data-manager/**/* - + - changes: + - services/data-manager/**/* test-ical: image: golang:alpine stage: test script: - - cd services/ical - - go test -v ./... + - cd services/ical + - go test -v ./... 
rules: - - changes: - - services/ical/**/* - + - changes: + - services/ical/**/* test-frontend: image: node:lts stage: test script: - - cd frontend - - npm i - - npm run test + - cd frontend + - npm i + - npm run test dependencies: - lint-frontend - include: - - local: 'charts/ci-build-deploy.yml' - - template: Security/Dependency-Scanning.gitlab-ci.yml +- local: charts/ci-build-deploy.yml +- template: Security/Dependency-Scanning.gitlab-ci.yml +- template: Security/SAST.gitlab-ci.yml +sast: + stage: test
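Review bot: The AGPL copyright and licence header at the top of `.gitlab-ci.yml` is deleted and replaced by generic template comments, and every job is re-indented, although the only functional additions are `- template: Security/SAST.gitlab-ci.yml` under `include:` and the `sast:` / `stage: test` override at the end of the file. I would restore the header and keep the original formatting so that the security-relevant change can be audited as a three-line diff. The rewrite also unquotes the `rules: if:` expressions of `sonarqube-data-manager` and folds the second one across two lines as a plain scalar; that still parses, but it is fragile, and the single-line quoted form `- if: '$CI_COMMIT_REF_NAME == "master" || $CI_COMMIT_REF_NAME == "main" || $CI_COMMIT_REF_NAME == "develop"'` is safer. As far as I know the stable SAST template runs its analyzers only in branch pipelines, while this file already creates merge-request pipelines through the `merge_request_event` rule, so please confirm that the SAST report is produced in the pipeline reviewers actually look at. The include by itself only produces a report and does not block a merge on findings, which deserves a comment next to the `sast:` job.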