Configure SAST in .gitlab-ci.yml, creating this file if it does not already exist

2025-07-16 09:38:49 +02:00 · 2025-04-23 12:04:02 +02:00
parent 132c5f74d6
commit 6441fd5340
1 changed files with 54 additions and 66 deletions
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@ -1,26 +1,17 @@
-#Calendar implementation for the HTWK Leipzig timetable. Evaluation and display of the individual dates in iCal format.
-#Copyright (C) 2024 HTWKalender support@htwkalender.de
-
-#This program is free software: you can redistribute it and/or modify
-#it under the terms of the GNU Affero General Public License as published by
-#the Free Software Foundation, either version 3 of the License, or
-#(at your option) any later version.
-
-#This program is distributed in the hope that it will be useful,
-#but WITHOUT ANY WARRANTY; without even the implied warranty of
-#MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-#GNU Affero General Public License for more details.
-
-#You should have received a copy of the GNU Affero General Public License
-#along with this program.  If not, see <https://www.gnu.org/licenses/>.
+# You can override the included template(s) by including variable overrides
+# SAST customization: https://docs.gitlab.com/ee/user/application_security/sast/#customizing-the-sast-settings
+# Secret Detection customization: https://docs.gitlab.com/ee/user/application_security/secret_detection/pipeline/#customization
+# Dependency Scanning customization: https://docs.gitlab.com/ee/user/application_security/dependency_scanning/#customizing-the-dependency-scanning-settings
+# Container Scanning customization: https://docs.gitlab.com/ee/user/application_security/container_scanning/#customizing-the-container-scanning-settings
+# Note that environment variables can be set in several places
+# See https://docs.gitlab.com/ee/ci/variables/#cicd-variable-precedence
 stages:
-  - lint
-  - sonarqube-check
-  - test
-  - build
-  - package
-  - deploy
-
+- lint
+- sonarqube-check
+- test
+- build
+- package
+- deploy
 lint-frontend:
  image: node:lts
  stage: lint
@ -31,7 +22,6 @@ lint-frontend:
  rules:
  - changes:
    - frontend/**/*
-
 lint-data-manager:
  stage: lint
  image: golangci/golangci-lint:latest
@ -43,7 +33,6 @@ lint-data-manager:
  rules:
  - changes:
    - services/data-manager/**/*
-
 lint-ical:
  stage: lint
  image: golangci/golangci-lint:latest
@ -55,7 +44,6 @@ lint-ical:
  rules:
  - changes:
    - services/ical/**/*
-
 sonarqube-data-manager:
  stage: sonarqube-check
  tags:
@ -76,9 +64,9 @@ sonarqube-data-manager:
  - sonar-scanner
  allow_failure: true
  rules:
-    - if: '$CI_PIPELINE_SOURCE == "merge_request_event"'
-    - if: '$CI_COMMIT_REF_NAME == "master" || $CI_COMMIT_REF_NAME == "main" || $CI_COMMIT_REF_NAME == "develop"'
-
+  - if: $CI_PIPELINE_SOURCE == "merge_request_event"
+  - if: $CI_COMMIT_REF_NAME == "master" || $CI_COMMIT_REF_NAME == "main" || $CI_COMMIT_REF_NAME
+      == "develop"
 test-data-manager:
  image: golang:alpine
  stage: test
@ -88,7 +76,6 @@ test-data-manager:
  rules:
  - changes:
    - services/data-manager/**/*
-
 test-ical:
  image: golang:alpine
  stage: test
@ -98,7 +85,6 @@ test-ical:
  rules:
  - changes:
    - services/ical/**/*
-
 test-frontend:
  image: node:lts
  stage: test
@ -108,7 +94,9 @@ test-frontend:
  - npm run test
  dependencies:
  - lint-frontend
-
 include:
-  - local: 'charts/ci-build-deploy.yml'
-  - template: Security/Dependency-Scanning.gitlab-ci.yml
+- local: charts/ci-build-deploy.yml
+- template: Security/Dependency-Scanning.gitlab-ci.yml
+- template: Security/SAST.gitlab-ci.yml
+sast:
+  stage: test