THIS IS AN ON-GOING DRAFT
test
CI/CD stage
install Docker CE on your runner
then grab images for the scanners you would like e.g. nodejsscan and phpcs
usermod -aG docker gitlab-runner
su - gitlab-runner
docker ps -a
docker pull opensecurity/nodejsscan:latest
docker pull alpine
^D
and register your runner with the docker executor
as root
gitlab-runner register
now clone the official repo and add the templates/ folder to yours
git clone https://gitlab.com/gitlab-org/gitlab.git
cp -a gitlab/templates/ validate-ci-cd/
rm -rf gitlab/

vi gitlab-ci.yml

stages:
  - test
  - deploy
sast:
  stage: test
include:
  - template: Jobs/SAST.gitlab-ci.yml
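
A check worth running once the runner is registered, as an added example that is not part of the original notes: it reads a runner config.toml (by default /etc/gitlab-runner/config.toml when gitlab-runner runs as root) and reports any runner that is not on the docker executor, runs privileged job containers, or mounts the Docker socket into jobs. The runner names and URL in the sample are constructed.

```bash
#!/usr/bin/env bash
# Added example (not from the original page): audit a GitLab Runner
# config.toml after `gitlab-runner register`. One finding per line;
# no output means every [[runners]] entry passed.
audit_runner_config() {
  awk '
    function val(s) { sub(/^[^=]*=[ \t]*/, "", s); gsub(/"/, "", s); sub(/[ \t\r]+$/, "", s); return s }
    function flush() {
      if (!seen) return
      if (executor != "docker")
        printf "%s: executor is \"%s\", expected docker\n", name, executor
      if (privileged)
        printf "%s: privileged = true gives job containers host-level access\n", name
      if (sock)
        printf "%s: docker.sock is mounted into job containers\n", name
    }
    /^[ \t]*\[\[runners\]\]/ { flush(); seen = 1; name = "?"; executor = ""; privileged = 0; sock = 0; next }
    /^[ \t]*name[ \t]*=/ { name = val($0) }
    /^[ \t]*executor[ \t]*=/ { executor = val($0) }
    /^[ \t]*privileged[ \t]*=[ \t]*true/ { privileged = 1 }
    /^[ \t]*volumes[ \t]*=.*docker\.sock/ { sock = 1 }
    END { flush() }
  ' "$@"
}

# Constructed sample config: one clean runner, one shell runner, one risky runner.
sample_config() {
  cat <<'EOF'
concurrent = 1

[[runners]]
  name = "sast-runner"
  url = "https://gitlab.example.com/"
  executor = "docker"
  [runners.docker]
    image = "alpine"
    privileged = false
    volumes = ["/cache"]

[[runners]]
  name = "legacy-runner"
  executor = "shell"

[[runners]]
  name = "dind-runner"
  executor = "docker"
  [runners.docker]
    privileged = true
    volumes = ["/var/run/docker.sock:/var/run/docker.sock", "/cache"]
EOF
}

sample_config | audit_runner_config
```

To audit a real runner, pass the file path instead: audit_runner_config /etc/gitlab-runner/config.toml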
Static Application Security Testing (SAST) https://docs.gitlab.com/ee/user/application_security/sast/
SAST analyzers https://docs.gitlab.com/ee/user/application_security/sast/analyzers.html
How to Setup DevSecOps Pipeline in GitLab https://www.magalix.com/docs/how-to-setup-devsecops-pipeline-in-gitlab
https://github.com/ajinabraham/NodeJsScan
https://github.com/FloeDesignTechnologies/phpcs-security-audit
https://github.com/zricethezav/gitleaks
How to tailor SAST and Secret Detection to your application context with custom rulesets https://about.gitlab.com/blog/2021/12/21/rule-pack-synthesis/
# You can override the included template(s) by including variable overrides
# SAST customization: https://docs.gitlab.com/ee/user/application_security/sast/#customizing-the-sast-settings
# Secret Detection customization: https://docs.gitlab.com/ee/user/application_security/secret_detection/#customizing-settings
# Dependency Scanning customization: https://docs.gitlab.com/ee/user/application_security/dependency_scanning/#customizing-the-dependency-scanning-settings
# Container Scanning customization: https://docs.gitlab.com/ee/user/application_security/container_scanning/#customizing-the-container-scanning-settings
# Note that environment variables can be set in several places
# See https://docs.gitlab.com/ee/ci/variables/#cicd-variable-precedence
https://docs.gitlab.com/ee/topics/autodevops/upgrading_auto_deploy_dependencies.html
https://gitlab.com/gitlab-org/gitlab/-/tree/master/lib/gitlab/ci/templates
production:helm-2to3:migrate job: dependency build is not defined in current or prior stages https://docs.gitlab.com/ee/topics/autodevops/upgrading_auto_deploy_dependencies.html