.gitlab-ci.yml
# Pipeline-wide defaults: jobs that do not declare their own image run in the
# Docker CLI image, with a Docker-in-Docker daemon attached as a service.
# NOTE(review): a dind service normally requires a runner that allows
# privileged containers. Confirm these jobs only run on runners that are
# isolated from other projects.
image: 'docker:20.10.16'

services:
  - 'docker:20.10.16-dind'

# Stage order. No active job uses `build`; the jobs that did are commented out
# at the end of this file.
stages:
  - build
  - test
  - evaluate
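# Runs the compose stack in wasttesting/ and maps its exit status onto the job
# result. The report directory is uploaded whether or not the job passes.
wast_test:
  stage: test
  # NOTE(review): no tag is given, so this floats on whatever the registry
  # serves as the default tag. Pin a version or digest for reproducible runs.
  image: docker/compose
  script:
    # No `set +e` wrapper: a failed `cd` now aborts the job instead of running
    # compose from the wrong directory, and `cmd || var=$?` is errexit-safe.
    - cd wasttesting
    # Start from a known value so a successful run, or an EXIT_CODE inherited
    # from the environment, cannot influence the mapping below.
    - EXIT_CODE=0
    - docker-compose up --abort-on-container-exit || EXIT_CODE=$?
    # 1 -> job exits 1 (tolerated through allow_failure below)
    # 2 -> job passes
    # anything else -> propagated unchanged
    # NOTE(review): presumably 1 and 2 are the scanner's fail and warn codes.
    # Confirm against the scanner image used by the compose file.
    - |
      case "$EXIT_CODE" in
        1) exit 1 ;;
        2) exit 0 ;;
        *) exit "$EXIT_CODE" ;;
      esac
  artifacts:
    name: wastreport
    when: always
    paths:
      - wasttesting/scanresults
  # Exit code 1 is shown as a warning rather than a pipeline failure; the
  # report is gated separately by evaluate_wast.
  allow_failure:
    exit_codes: 1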
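# Gate on the scan report produced by wast_test: the job fails when the report
# lists any alert, and passes only when the total is exactly zero.
evaluate_wast:
  stage: evaluate
  before_script:
    - apk add jq
  script:
    - cd wasttesting/scanresults
    # Sum the alerts of every site into one integer. The previous pipeline
    # printed one number per site, so a report with several sites made the
    # numeric test error out and the job fell through to `exit 0`.
    - alerts=$(jq '[.site[].alerts | length] | add // 0' wast_report.json)
    # Fail closed: an empty or non-numeric value makes `[` return an error,
    # which lands in the else branch and fails the job.
    - if [ "$alerts" -eq 0 ]; then exit 0; else exit 1; fi
  dependencies:
    - wast_test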
# Runs the compose stack in bdsttesting/ and keeps its results directory as an
# artifact, even when the job fails.
bdst_test:
  stage: test
  # NOTE(review): unpinned image tag. Pin a version or digest.
  image: 'docker/compose'
  artifacts:
    name: 'bdstreport'
    when: always
    paths:
      - 'bdsttesting/results'
  script:
    - cd bdsttesting
    # The job result is whatever status compose returns here.
    # NOTE(review): no --exit-code-from is given. Confirm that a failing
    # scanner container actually fails this job.
    - docker-compose up --abort-on-container-exit
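# Gate on the alert summary produced by bdst_test:
#   any High or Medium alert -> exit 1 (job fails)
#   only Low alerts          -> exit 2 (warning, see allow_failure)
#   no alerts                -> exit 0
evaluate_bdst:
  stage: evaluate
  before_script:
    - apk add jq
  allow_failure:
    exit_codes: 2
  script:
    - cd bdsttesting/results
    - high=$(jq -r '.alertsSummary.High' alertsSummary.json)
    - medium=$(jq -r '.alertsSummary.Medium' alertsSummary.json)
    - low=$(jq -r '.alertsSummary.Low' alertsSummary.json)
    # The previous script used `echo 2` and `echo exit 0`, so the Low-only case
    # never produced exit code 2. A missing or non-numeric count also made
    # every test error out and the job passed.
    # The tests are now written so that only proven-zero counts pass and
    # anything unreadable ends in `exit 1`.
    # NOTE(review): if the report omits a severity that has no alerts, default
    # it in the jq filter instead of loosening these tests.
    - |
      if [ "$high" -eq 0 ] && [ "$medium" -eq 0 ] && [ "$low" -eq 0 ]; then
        exit 0
      elif [ "$high" -eq 0 ] && [ "$medium" -eq 0 ] && [ "$low" -gt 0 ]; then
        exit 2
      else
        exit 1
      fi
  dependencies:
    - bdst_test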
# Runs the compose stack in sastesting/ and keeps its results directory as an
# artifact, even when the job fails.
sas_test:
  stage: test
  # NOTE(review): unpinned image tag. Pin a version or digest.
  image: 'docker/compose'
  artifacts:
    name: 'sasreport'
    when: always
    paths:
      - 'sastesting/results'
  script:
    - cd sastesting
    # The job result is whatever status compose returns here.
    # NOTE(review): no --exit-code-from is given. Confirm that a failing
    # scanner container actually fails this job.
    - docker-compose up --abort-on-container-exit
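# Gate on the alert summary produced by sas_test:
#   any High or Medium alert -> exit 1 (job fails)
#   only Low alerts          -> exit 2 (warning, see allow_failure)
#   no alerts                -> exit 0
evaluate_sas:
  stage: evaluate
  before_script:
    - apk add jq
  allow_failure:
    exit_codes: 2
  script:
    - cd sastesting/results
    - high=$(jq -r '.alertsSummary.High' alertsSummary.json)
    - medium=$(jq -r '.alertsSummary.Medium' alertsSummary.json)
    - low=$(jq -r '.alertsSummary.Low' alertsSummary.json)
    # The previous script used `echo 2` and `echo exit 0`, so the Low-only case
    # never produced exit code 2. A missing or non-numeric count also made
    # every test error out and the job passed.
    # The tests are now written so that only proven-zero counts pass and
    # anything unreadable ends in `exit 1`.
    # NOTE(review): if the report omits a severity that has no alerts, default
    # it in the jq filter instead of loosening these tests.
    - |
      if [ "$high" -eq 0 ] && [ "$medium" -eq 0 ] && [ "$low" -eq 0 ]; then
        exit 0
      elif [ "$high" -eq 0 ] && [ "$medium" -eq 0 ] && [ "$low" -gt 0 ]; then
        exit 2
      else
        exit 1
      fi
  dependencies:
    - sas_test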
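# BUILD WAST (disabled; everything from here to the end of the file is commented out)
# NOTE: the `docker login ... -p $CI_JOB_TOKEN` lines below put the job token on
# the command line. If these jobs are re-enabled, pass it with --password-stdin.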
# build_wast_zap_script:
# stage: build
# before_script:
# - cd wasttesting
# - docker login -u gitlab-ci-token -p $CI_JOB_TOKEN $CI_REGISTRY
# script:
# - docker build pentest -t $CI_REGISTRY/$CI_PROJECT_PATH:wast-zap-script-$CI_COMMIT_SHA
# - docker push $CI_REGISTRY/$CI_PROJECT_PATH:wast-zap-script-$CI_COMMIT_SHA
# build_wast_zap:
# stage: build
# before_script:
# - cd wasttesting
# - docker login -u gitlab-ci-token -p $CI_JOB_TOKEN $CI_REGISTRY
# script:
# - docker build zap -t $CI_REGISTRY/$CI_PROJECT_PATH:wast-zap-$CI_COMMIT_SHA
# - docker push $CI_REGISTRY/$CI_PROJECT_PATH:wast-zap-$CI_COMMIT_SHA
# TEST WAST
# test_wast:
# stage: test
# image:
# name: docker/compose
# before_script:
# # - apk add python3 zip
# # - export ZAP_URL=$CI_REGISTRY/$CI_PROJECT_PATH:wast-zap-$CI_COMMIT_SHA
# # - export ZAP_SCRIPT_URL=$CI_REGISTRY/$CI_PROJECT_PATH:wast-zap-script-$CI_COMMIT_SHA
# # - python3 update-compose.py --file='wasttesting/docker-compose.yaml' --variables 'zap_script_url' 'zap_url'
# - cd wasttesting
# script:
# - docker login -u gitlab-ci-token -p $CI_JOB_TOKEN $CI_REGISTRY
# - docker-compose up --abort-on-container-exit
# artifacts:
# paths:
# - wasttesting/results
# expire_in: 1 week