更新.gitlab-ci.yml文件

12772295 · 小白蛋 · 5500bb57 · 12772295
Commit 12772295 authored 3 years ago by 小白蛋
Hide whitespace changes
Inline Side-by-side

Showing

with 36 additions and 28 deletions
+36 -28
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
 stages:
-  - sast
+  - fortify-sast-scancentral
+  - fortify-get-reprot
 variables:
-  # 用于触发codesec扫描的镜像
-  IMAGE_PATH: "repo.gitsec.cn/docker/ssp-command:latest"
-  # 指定需要扫描的代码仓库
-  GIT_URL: "https://git.gitsec.cn/baidan/cskefu.git"
-  # gitlab登录账号
-  GIT_ACCOUNT: "baidan"
-  # 之前我们生成的项目token
-  GIT_TOKEN: "a_SzLe73mJ4MLKoqgxVY"
-  # git分支（版本号）指定（可以为空，默认使用master）
-  GIT_BRANCH: "osc"
-  # 指定语言（1：Java；9：JavaScript）不指定为自动识别语言
-  LANGUAGE: ""
-  # codesec登录token，需要联系相关负责人获取
-  CODESEC_TOKEN: "eyJhbGciOiJIUzUxMiJ9.eyJub25jZSI6ImZmYTBjYjM1LTFlZjEtNGNhNC04YTEzLTQzYjhlY2I2ZTFjMyIsInN1YiI6ImZmYTBhMTllLWM0MmMtNGE4OC05YmVmLTEwOTAyOWI3YjI3NCJ9.K5lJQ8Lg_a40VMEKUMZtPg1tTFR0f8EhTjGnmgPoAbGF061bO95wO_bllLshe1kVeXo7rwHx0zKJLsOcLbE9Yg
-"
-  # codesec服务地址，需要联系相关负责人获取
-  CODESEC_ADDRESS: "https://sast.gitsec.cn"
-  # codesec是否需要通过https访问
-  CS_HTTPS_ENABLE: "true"
-sast:
-  stage: sast
-  image: "$IMAGE_PATH"
+  build_type: mvn #mvn指代maven 
+
+fortify-sast-scancentral:
+  stage: fortify-sast-scancentral
+  image: repo.gitsec.cn/docker/fortify-ci:v2.1
  script:
-    - /opt/seczone/codesec/ssp-command/jre/bin/java -Doperation=createGit -DgitUrl="$GIT_URL" -DgitAccount="$GIT_ACCOUNT" -DgitToken="$GIT_TOKEN" -DcsToken="$CODESEC_TOKEN" -DcsAddress="$CODESEC_ADDRESS" -DcsHttpsEnable="$CS_HTTPS_ENABLE" -Dlanguage="$LANGUAGE" -DbranchName="$GIT_BRANCH" -jar /opt/seczone/codesec/ssp-command/lib/ssp-command.jar
+    #   执行脚本创建项目以及填入属性
+    - echo $(date +%s) > time.txt
+    -  python3 /home/script/create.py $CI_PROJECT_NAME-$CI_PROJECT_NAMESPACE-$(cat time.txt) 1 FortifyToken MjMzM2IyNzgtZDRiOS00ZTA4LWJjZjAtOTM3YzhiNTJlMDNj http://fortify.gitsec.cn
+    #   上传待扫描的项目
+    - 'scancentral -url http://fortify.gitsec.cn/scancentral-ctrl/ -ssctoken 5dd97723-c2a4-476e-9351-417e8a50beff start -bt $build_type -upload -application $CI_PROJECT_NAME-$CI_PROJECT_NAMESPACE-$(cat time.txt) -version 1 -uptoken 5dd97723-c2a4-476e-9351-417e8a50beff | tee -a report.log'
+  allow_failure: true
+      #上传到私有仓库
  artifacts:
-    reports:
-      sast: gl-sast-report.json
    paths:
-      - gl-sast-report.json
-    expire_in: 3 day
\ No newline at end of file
+      - time.txt
+      - report.log
+    expire_in: 1 day
+  
+
+fortify-get-reprot:
+  stage: fortify-get-reprot
+  image: repo.gitsec.cn/docker/fortify-ci:v2.1   
+  script: 
+
+
+# 下载报告扫描结果
+    - 'tail -n 1 report.log ' 
+    - 'cp report.log /home/script' 
+    - 'python3 /home/script/get.py '
+    - 'echo $CI_PROJECT_NAME-$CI_PROJECT_NAMESPACE-$(cat time.txt)'
+    - 'FortifyVulnerabilityExporter SSCToGitLabSAST --ssc.baseUrl=http://fortify.gitsec.cn/ssc --ssc.authToken=2333b278-d4b9-4e08-bcf0-937c8b52e03c --ssc.version.name=$CI_PROJECT_NAME-$CI_PROJECT_NAMESPACE-$(cat time.txt):1 --ssc.userName="admin"'
+    - 'find / -name "gl-fortify-sast.json"'
+  allow_failure: true
+  artifacts:
+    reports:
+      sast: ./gl-fortify-sast.json
\ No newline at end of file