forked from ngageoint/mapcache-electron
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy path.gitlab-ci.yml
48 lines (46 loc) · 1.75 KB
/
.gitlab-ci.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
variables:
TF_APP_ID: $TF_APP_ID
TF_API_KEY: $TF_API_KEY
TF_URL: $TF_URL
SCAN_PATH: $SCAN_PATH
stages:
- test
fortify_scanning:
image: ${CI_REGISTRY}/dso-millennium-falcon/docker/fortify-sca:latest
stage: test
script:
- /opt/Fortify/bin/sourceanalyzer -64 -version
- /opt/Fortify/bin/fortifyupdate -showInstalledRules
- /opt/Fortify/bin/sourceanalyzer -64 -b "desktopMapcache-${CI_JOB_ID}" -clean
- echo ${SCAN_PATH}
- echo ${TF_APP_ID}
- /opt/Fortify/bin/sourceanalyzer -64 -Xmx4G -b "desktopMapcache-${CI_JOB_ID}" ${SCAN_PATH}
- /opt/Fortify/bin/sourceanalyzer -64 -b "desktopMapcache-${CI_JOB_ID}" -show-build-warnings
- /opt/Fortify/bin/sourceanalyzer -64 -b "desktopMapcache-${CI_JOB_ID}" -show-files
- /opt/Fortify/bin/sourceanalyzer -64 -Xmx4G -b "desktopMapcache-${CI_JOB_ID}" -scan -output-file "fortify-scan-results.fpr" -debug -logfile sca.log -verbose
- /opt/Fortify/bin/BIRTReportGenerator
-template "Developer Workbook"
-format PDF
-source fortify-scan-results.fpr
-output fortify-scan-results.pdf
after_script:
- |
if [[ ${TF_APP_ID} ]] && [[ ${TF_API_KEY} ]] && [[ ${TF_URL} ]]
then
curl -vk -H 'Accept: application/json' \
-H "Authorization: APIKEY ${TF_API_KEY}" \
-X POST --form file=@fortify-scan-results.fpr \
"${TF_URL}/rest/latest/applications/${TF_APP_ID}/upload"
else
echo "Skipping uploading fortify-scan-results.fpr report to ThreadFix."
echo "To upload to ThreadFix, please specify a TF_APP_ID, TF_API_KEY, and TF_URL."
fi
artifacts:
paths:
- fortify-scan-results.fpr
- fortify-scan-results.pdf
- sca.log
expire_in: 1 week
allow_failure: true
tags:
- standard