@@ -21,3 +21,24 @@ precise:
<<: *ubuntu_def
image: ubuntu:precise
+
+#
+# flawfinder
+# see https://docs.gitlab.com/ee/user/project/merge_requests/sast.html
+#
+sast:
+ image: docker:stable
+ variables:
+ DOCKER_DRIVER: overlay2
+ allow_failure: true
+ services:
+ - docker:stable-dind
+ script:
+ - export SP_VERSION=$(echo "$CI_SERVER_VERSION" | sed 's/^\([0-9]*\)\.\([0-9]*\).*/\1-\2-stable/')
+ - docker run
+ --env SAST_CONFIDENCE_LEVEL="${SAST_CONFIDENCE_LEVEL:-3}"
+ --volume "$PWD:/code"
+ --volume /var/run/docker.sock:/var/run/docker.sock
+ "registry.gitlab.com/gitlab-org/security-products/sast:$SP_VERSION" /app/bin/run /code
+ artifacts:
+ paths: [gl-sast-report.json]
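Review bot: The `--volume /var/run/docker.sock:/var/run/docker.sock` line in the `sast` job's `script` hands the pulled scanner image control of the Docker daemon it is attached to, which is effectively root on that daemon, and the image is selected by a mutable tag (`sast:$SP_VERSION`, derived from `$CI_SERVER_VERSION`) rather than a pinned digest, so whatever the registry serves under that tag at run time gets that access. This trust decision is not recorded anywhere in the job; a comment above the line would at least make it explicit for the next maintainer, e.g. `# grants the scanner image full access to the Docker daemon; the image tag is mutable, so this trusts registry.gitlab.com at run time`. It is also worth noting in the `#` header that, with `allow_failure: true`, the job only publishes `gl-sast-report.json` as an artifact and never gates the pipeline, which appears to be the intent but is easy to misread as enforcement. Finally, `$CI_SERVER_VERSION` is passed unquoted to `echo` on the `export SP_VERSION` line; quoting it as `"$CI_SERVER_VERSION"` is already done, so only the comment changes are proposed here.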