更新.gitlab-ci.yml文件

69cdb0af · 小白蛋 · d3831c0f · 69cdb0af
Commit 69cdb0af authored 3 years ago by 小白蛋
Hide whitespace changes
Inline Side-by-side

Showing

with 41 additions and 0 deletions
+41 -0
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
+stages:
+  - fortify-sast-scancentral
+  - fortify-get-reprot
+variables:
+  build_type: mvn #mvn指代maven 
+
+fortify-sast-scancentral:
+  stage: fortify-sast-scancentral
+  image: repo.gitsec.cn/docker/fortify-ci:v2.1
+  script:
+    #   执行脚本创建项目以及填入属性
+    - echo $(date +%s) > time.txt
+    -  python3 /home/script/create.py $CI_PROJECT_NAME-$CI_PROJECT_NAMESPACE-$(cat time.txt) 1 FortifyToken MjMzM2IyNzgtZDRiOS00ZTA4LWJjZjAtOTM3YzhiNTJlMDNj http://fortify.gitsec.cn
+    #   上传待扫描的项目
+    - 'scancentral -url http://fortify.gitsec.cn/scancentral-ctrl/ -ssctoken 5dd97723-c2a4-476e-9351-417e8a50beff start -bt $build_type -upload -application $CI_PROJECT_NAME-$CI_PROJECT_NAMESPACE-$(cat time.txt) -version 1 -uptoken 5dd97723-c2a4-476e-9351-417e8a50beff | tee -a report.log'
+  allow_failure: true
+      #上传到私有仓库
+  artifacts:
+    paths:
+      - time.txt
+      - report.log
+    expire_in: 1 day
+  
+
+fortify-get-reprot:
+  stage: fortify-get-reprot
+  image: repo.gitsec.cn/docker/fortify-ci:v2.1   
+  script: 
+
+
+# 下载报告扫描结果
+    - 'tail -n 1 report.log ' 
+    - 'cp report.log /home/script' 
+    - 'python3 /home/script/get.py '
+    - 'echo $CI_PROJECT_NAME-$CI_PROJECT_NAMESPACE-$(cat time.txt)'
+    - 'FortifyVulnerabilityExporter SSCToGitLabSAST --ssc.baseUrl=http://fortify.gitsec.cn/ssc --ssc.authToken=2333b278-d4b9-4e08-bcf0-937c8b52e03c --ssc.version.name=$CI_PROJECT_NAME-$CI_PROJECT_NAMESPACE-$(cat time.txt):1 --ssc.userName="admin"'
+    - 'find / -name "gl-fortify-sast.json"'
+  allow_failure: true
+  artifacts:
+    reports:
+      sast: ./gl-fortify-sast.json
\ No newline at end of file