Cskefu
Commit 12772295 authored 2 years ago by 小 白蛋
Update .gitlab-ci.yml file
parent 5500bb57
osc
No related merge requests found
Pipeline #158469 passed with stages in 5 seconds
Showing 1 changed file with 36 additions and 28 deletions
.gitlab-ci.yml +36 -28
stages
:
-
sast
-
fortify-sast-scancentral
-
fortify-get-reprot
variables
:
# 用于触发codesec扫描的镜像
IMAGE_PATH
:
"
repo.gitsec.cn/docker/ssp-command:latest"
# 指定需要扫描的代码仓库
GIT_URL
:
"
https://git.gitsec.cn/baidan/cskefu.git"
# gitlab登录账号
GIT_ACCOUNT
:
"
baidan"
# 之前我们生成的项目token
GIT_TOKEN
:
"
a_SzLe73mJ4MLKoqgxVY"
# git分支(版本号)指定(可以为空,默认使用master)
GIT_BRANCH
:
"
osc"
# 指定语言(1:Java;9:JavaScript)不指定为自动识别语言
LANGUAGE
:
"
"
# codesec登录token,需要联系相关负责人获取
CODESEC_TOKEN
:
"
eyJhbGciOiJIUzUxMiJ9.eyJub25jZSI6ImZmYTBjYjM1LTFlZjEtNGNhNC04YTEzLTQzYjhlY2I2ZTFjMyIsInN1YiI6ImZmYTBhMTllLWM0MmMtNGE4OC05YmVmLTEwOTAyOWI3YjI3NCJ9.K5lJQ8Lg_a40VMEKUMZtPg1tTFR0f8EhTjGnmgPoAbGF061bO95wO_bllLshe1kVeXo7rwHx0zKJLsOcLbE9Yg
"
# codesec服务地址,需要联系相关负责人获取
CODESEC_ADDRESS
:
"
https://sast.gitsec.cn"
# codesec是否需要通过https访问
CS_HTTPS_ENABLE
:
"
true"
sast
:
stage
:
sast
image
:
"
$IMAGE_PATH"
build_type
:
mvn
#mvn指代maven
fortify-sast-scancentral
:
stage
:
fortify-sast-scancentral
image
:
repo.gitsec.cn/docker/fortify-ci:v2.1
script
:
-
/opt/seczone/codesec/ssp-command/jre/bin/java -Doperation=createGit -DgitUrl="$GIT_URL" -DgitAccount="$GIT_ACCOUNT" -DgitToken="$GIT_TOKEN" -DcsToken="$CODESEC_TOKEN" -DcsAddress="$CODESEC_ADDRESS" -DcsHttpsEnable="$CS_HTTPS_ENABLE" -Dlanguage="$LANGUAGE" -DbranchName="$GIT_BRANCH" -jar /opt/seczone/codesec/ssp-command/lib/ssp-command.jar
# 执行脚本创建项目以及填入属性
-
echo $(date +%s) > time.txt
-
python3 /home/script/create.py $CI_PROJECT_NAME-$CI_PROJECT_NAMESPACE-$(cat time.txt) 1 FortifyToken MjMzM2IyNzgtZDRiOS00ZTA4LWJjZjAtOTM3YzhiNTJlMDNj http://fortify.gitsec.cn
# 上传待扫描的项目
-
'
scancentral
-url
http://fortify.gitsec.cn/scancentral-ctrl/
-ssctoken
5dd97723-c2a4-476e-9351-417e8a50beff
start
-bt
$build_type
-upload
-application
$CI_PROJECT_NAME-$CI_PROJECT_NAMESPACE-$(cat
time.txt)
-version
1
-uptoken
5dd97723-c2a4-476e-9351-417e8a50beff
|
tee
-a
report.log'
allow_failure
:
true
#上传到私有仓库
artifacts
:
reports
:
sast
:
gl-sast-report.json
paths
:
-
gl-sast-report.json
expire_in
:
3 day
\ No newline at end of file
-
time.txt
-
report.log
expire_in
:
1 day
fortify-get-reprot
:
stage
:
fortify-get-reprot
image
:
repo.gitsec.cn/docker/fortify-ci:v2.1
script
:
# 下载报告扫描结果
-
'
tail
-n
1
report.log
'
-
'
cp
report.log
/home/script'
-
'
python3
/home/script/get.py
'
-
'
echo
$CI_PROJECT_NAME-$CI_PROJECT_NAMESPACE-$(cat
time.txt)'
-
'
FortifyVulnerabilityExporter
SSCToGitLabSAST
--ssc.baseUrl=http://fortify.gitsec.cn/ssc
--ssc.authToken=2333b278-d4b9-4e08-bcf0-937c8b52e03c
--ssc.version.name=$CI_PROJECT_NAME-$CI_PROJECT_NAMESPACE-$(cat
time.txt):1
--ssc.userName="admin"'
-
'
find
/
-name
"gl-fortify-sast.json"'
allow_failure
:
true
artifacts
:
reports
:
sast
:
./gl-fortify-sast.json
\ No newline at end of file
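Review bot: The `variables:` block commits live credentials in plaintext (`GIT_TOKEN`, `CODESEC_TOKEN`), and the `fortify-sast-scancentral` and `fortify-get-reprot` scripts inline further ones (`-ssctoken`, `-uptoken`, the `FortifyToken` argument to `create.py`, `--ssc.authToken`). Anyone who can read the repository or this commit page can read them, and they stay in the Git history even if a later commit removes them. Define them as masked (and, where the branch allows, protected) CI/CD variables in the project settings, reference them in this file only as `$NAME`, and rotate every value that appears here. Two smaller points: the Fortify endpoints are addressed over `http://`, so those tokens cross the network unencrypted, and both Fortify jobs set `allow_failure: true`, so a failed scan or export will not fail the pipeline. The stage and job name `fortify-get-reprot` also looks like a typo for `report`; if it is renamed, the `stages:` entry, the job key and its `stage:` value need to change together.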