Compare commits


No commits in common. "40ec68512df97291991e97e5dcf304accb78387f" and "7626afb52028e74f561a52f2d2612890a02c2b5a" have entirely different histories.


@ -9,29 +9,34 @@ spec:
default: "spec, test, tests, tmp" default: "spec, test, tests, tmp"
excluded_analyzers: excluded_analyzers:
default: "" default: ""
image_prefix: analyzer_image:
default: "$CI_TEMPLATE_REGISTRY_HOST/security-products" default: "$CI_TEMPLATE_REGISTRY_HOST/security-products"
image_suffix:
dafault: ""
search_max_depth: search_max_depth:
default: 4 default: 4
image_tag: image_tag:
default: 6 default: 6
--- ---
kics-iac-sast: iac-sast:
stage: $[[ inputs.stage ]] stage: $[[ inputs.stage ]]
image:
name: "$[[ inputs.image_prefix ]]/kics:$[[ inputs.image_tag ]]$[[ inputs.image_suffix ]]"
variables:
SEARCH_MAX_DEPTH: $[[ inputs.search_max_depth ]]
script:
- /analyzer run
artifacts: artifacts:
access: 'developer' access: 'developer'
reports: reports:
sast: gl-sast-report.json sast: gl-sast-report.json
rules:
- when: never
# `rules` must be overridden explicitly by each child job
# see https://gitlab.com/gitlab-org/gitlab/-/issues/218444
variables:
SEARCH_MAX_DEPTH: $[[ inputs.search_max_depth ]]
allow_failure: true allow_failure: true
script:
- /analyzer run
kics-iac-sast:
extends: iac-sast
image:
name: "$[[ inputs.analyzer_image ]]/kics:$[[ inputs.image_tag ]]"
rules: rules:
- if: $SAST_DISABLED == 'true' || $SAST_DISABLED == '1' - if: $SAST_DISABLED == 'true' || $SAST_DISABLED == '1'
when: never when: never
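Review bot: The input `analyzer_image` (right-hand column, read here as the new side) holds a registry path prefix rather than an image, because `kics-iac-sast` still builds `"$[[ inputs.analyzer_image ]]/kics:$[[ inputs.image_tag ]]"` from it. The name invites a caller to pass a full image reference, which would resolve to a malformed or unintended scanner image. Keeping the name `image_prefix`, or adding a `description:` under the input saying that `/kics:<image_tag>` is appended to it, would make the contract explicit. Renaming the input and dropping `image_suffix` also changes the component's interface, so includes that still pass either input will likely be rejected; this deserves a line in the change description. The top of the `spec` block lies outside the hunk.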