Configure SAST in `.gitlab-ci.yml`, creating this file if it does not already exist

7be1e556 · Mayr, Hannes · c64d0385 · 7be1e556
Commit 7be1e556 authored Nov 16, 2022 by Mayr, Hannes
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
+# You can override the included template(s) by including variable overrides
+# SAST customization: https://docs.gitlab.com/ee/user/application_security/sast/#customizing-the-sast-settings
+# Secret Detection customization: https://docs.gitlab.com/ee/user/application_security/secret_detection/#customizing-settings
+# Dependency Scanning customization: https://docs.gitlab.com/ee/user/application_security/dependency_scanning/#customizing-the-dependency-scanning-settings
+# Container Scanning customization: https://docs.gitlab.com/ee/user/application_security/container_scanning/#customizing-the-container-scanning-settings
+# Note that environment variables can be set in several places
+# See https://docs.gitlab.com/ee/ci/variables/#cicd-variable-precedence
 image: python:3.10
 stages:
 - linting
 - testing
 - security
 - docs
-
-# Change pip's cache directory to be inside the project directory since we can
-# only cache local items.
+- test
 variables:
  PIP_CACHE_DIR: "$CI_PROJECT_DIR/.cache/pip"
-
 before_script:
- python --version  # For debugging
+- python --version
 - pip install --upgrade pip
- pip install --user -r requirements.txt  # install dependencies from file
-
+- pip install --user -r requirements.txt
 PEP8:
  stage: linting
  script:
  - pip install flake8
  - flake8 --count .
-
 Pylint:
  stage: linting
  script:
  - pip install pylint
-  - find . -type f -name '*.py' | xargs pylint -rn --rcfile='plotid/.pylintrc'  # Find all python files and check the code with pylint
-
+  - find . -type f -name '*.py' | xargs pylint -rn --rcfile='plotid/.pylintrc'
 test:
  stage: testing
  tags:
@@ -34,11 +35,10 @@ test:
  script:
  - python tests/runner_tests.py
  coverage: "/TOTAL.*\\s+(\\d+\\.\\d+%)$/"
-
 pages:
  stage: docs
  script:
-  - pip install -U sphinx sphinx-autoapi sphinx_rtd_theme myst-parser # sphinx_panels
+  - pip install -U sphinx sphinx-autoapi sphinx_rtd_theme myst-parser
  - cd docs
  - make html
  - mv build/html/ ../public
@@ -48,35 +48,23 @@ pages:
  rules:
  - if: "$CI_COMMIT_REF_NAME == $CI_DEFAULT_BRANCH"
  - when: manual
-
 sast:
  before_script:
  - echo "No before script pls"
  variables:
-    SAST_EXCLUDED_PATHS: spec, test, tmp
+    SAST_EXCLUDED_PATHS: spec, tests, tmp
  stage: security
  tags:
  - docker
-
 dependency_scanning:
  before_script:
  - echo "No before script pls"
  stage: security
-
 license_scanning:
  before_script:
  - echo "No before script pls"
  stage: security
-
 include:
 - template: Security/SAST.gitlab-ci.yml
 - template: Security/Dependency-Scanning.gitlab-ci.yml
 - template: Security/License-Scanning.gitlab-ci.yml
-
-# You can override the included template(s) by including variable overrides
-# SAST customization: https://docs.gitlab.com/ee/user/application_security/sast/#customizing-the-sast-settings
-# Secret Detection customization: https://docs.gitlab.com/ee/user/application_security/secret_detection/#customizing-settings
-# Dependency Scanning customization: https://docs.gitlab.com/ee/user/application_security/dependency_scanning/#customizing-the-dependency-scanning-settings
-# Container Scanning customization: https://docs.gitlab.com/ee/user/application_security/container_scanning/#customizing-the-container-scanning-settings
-# Note that environment variables can be set in several places
-# See https://docs.gitlab.com/ee/ci/variables/#cicd-variable-precedence