From 1277229567dc23c4310d95b179a67e01c44732ba Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E5=B0=8F=20=E7=99=BD=E8=9B=8B?= <2251984378@qq.com>
Date: Fri, 20 May 2022 13:50:37 +0000
Subject: [PATCH] =?UTF-8?q?=E6=9B=B4=E6=96=B0.gitlab-ci.yml=E6=96=87?= =?UTF-8?q?=E4=BB=B6?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
.gitlab-ci.yml | 64 ++++++++++++++++++++++++++++----------------------
1 file changed, 36 insertions(+), 28 deletions(-)
diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index 755e3e91..bab87f4e 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -1,33 +1,41 @@ stages: - - sast + - fortify-sast-scancentral + - fortify-get-reprot variables: - # 鐢ㄤ簬瑙﹀彂codesec鎵弿鐨勯暅鍍� - IMAGE_PATH: "repo.gitsec.cn/docker/ssp-command:latest" - # 鎸囧畾闇€瑕佹壂鎻忕殑浠g爜浠撳簱 - GIT_URL: "https://git.gitsec.cn/baidan/cskefu.git" - # gitlab鐧诲綍璐﹀彿 - GIT_ACCOUNT: "baidan" - # 涔嬪墠鎴戜滑鐢熸垚鐨勯」鐩畉oken - GIT_TOKEN: "a_SzLe73mJ4MLKoqgxVY" - # git鍒嗘敮锛堢増鏈彿锛夋寚瀹氾紙鍙互涓虹┖锛岄粯璁や娇鐢╩aster锛� - GIT_BRANCH: "osc" - # 鎸囧畾璇█锛�1锛欽ava锛�9锛欽avaScript锛変笉鎸囧畾涓鸿嚜鍔ㄨ瘑鍒瑷€ - LANGUAGE: "" - # codesec鐧诲綍token锛岄渶瑕佽仈绯荤浉鍏宠礋璐d汉鑾峰彇 - CODESEC_TOKEN: "eyJhbGciOiJIUzUxMiJ9.eyJub25jZSI6ImZmYTBjYjM1LTFlZjEtNGNhNC04YTEzLTQzYjhlY2I2ZTFjMyIsInN1YiI6ImZmYTBhMTllLWM0MmMtNGE4OC05YmVmLTEwOTAyOWI3YjI3NCJ9.K5lJQ8Lg_a40VMEKUMZtPg1tTFR0f8EhTjGnmgPoAbGF061bO95wO_bllLshe1kVeXo7rwHx0zKJLsOcLbE9Yg -" - # codesec鏈嶅姟鍦板潃锛岄渶瑕佽仈绯荤浉鍏宠礋璐d汉鑾峰彇 - CODESEC_ADDRESS: "https://sast.gitsec.cn" - # codesec鏄惁闇€瑕侀€氳繃https璁块棶 - CS_HTTPS_ENABLE: "true" -sast: - stage: sast - image: "$IMAGE_PATH" + build_type: mvn #mvn鎸囦唬maven + +fortify-sast-scancentral: + stage: fortify-sast-scancentral + image: repo.gitsec.cn/docker/fortify-ci:v2.1 script: - - /opt/seczone/codesec/ssp-command/jre/bin/java -Doperation=createGit -DgitUrl="$GIT_URL" -DgitAccount="$GIT_ACCOUNT" -DgitToken="$GIT_TOKEN" -DcsToken="$CODESEC_TOKEN" -DcsAddress="$CODESEC_ADDRESS" -DcsHttpsEnable="$CS_HTTPS_ENABLE" -Dlanguage="$LANGUAGE" -DbranchName="$GIT_BRANCH" -jar /opt/seczone/codesec/ssp-command/lib/ssp-command.jar + # 鎵ц鑴氭湰鍒涘缓椤圭洰浠ュ強濉叆灞炴€� + - echo $(date +%s) > time.txt + - python3 /home/script/create.py $CI_PROJECT_NAME-$CI_PROJECT_NAMESPACE-$(cat time.txt) 1 FortifyToken MjMzM2IyNzgtZDRiOS00ZTA4LWJjZjAtOTM3YzhiNTJlMDNj http://fortify.gitsec.cn + # 涓婁紶寰呮壂鎻忕殑椤圭洰 + - 'scancentral -url http://fortify.gitsec.cn/scancentral-ctrl/ -ssctoken 5dd97723-c2a4-476e-9351-417e8a50beff start -bt $build_type -upload -application $CI_PROJECT_NAME-$CI_PROJECT_NAMESPACE-$(cat time.txt) -version 1 -uptoken 5dd97723-c2a4-476e-9351-417e8a50beff | tee -a report.log' + 
allow_failure: true + #涓婁紶鍒扮鏈変粨搴� artifacts: - reports: - sast: gl-sast-report.json paths: - - gl-sast-report.json - expire_in: 3 day \ No newline at end of file + - time.txt + - report.log + expire_in: 1 day + + +fortify-get-reprot: + stage: fortify-get-reprot + image: repo.gitsec.cn/docker/fortify-ci:v2.1 + script: + + +# 涓嬭浇鎶ュ憡鎵弿缁撴灉 + - 'tail -n 1 report.log ' + - 'cp report.log /home/script' + - 'python3 /home/script/get.py ' + - 'echo $CI_PROJECT_NAME-$CI_PROJECT_NAMESPACE-$(cat time.txt)' + - 'FortifyVulnerabilityExporter SSCToGitLabSAST --ssc.baseUrl=http://fortify.gitsec.cn/ssc --ssc.authToken=2333b278-d4b9-4e08-bcf0-937c8b52e03c --ssc.version.name=$CI_PROJECT_NAME-$CI_PROJECT_NAMESPACE-$(cat time.txt):1 --ssc.userName="admin"' + - 'find / -name "gl-fortify-sast.json"' + allow_failure: true + artifacts: + reports: + sast: ./gl-fortify-sast.json \ No newline at end of file -- GitLab
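Review bot: The added `script:` lines in both jobs embed live Fortify credentials in the committed file: the literal after `FortifyToken` in the `create.py` call, the `-ssctoken`/`-uptoken` values for `scancentral`, and `--ssc.authToken=` for `FortifyVulnerabilityExporter`; the base64 string passed to `create.py` appears to be the same token as `--ssc.authToken`, only encoded. Anyone with read access to the repository or its history can reuse them, so they should be revoked and supplied from masked, protected CI/CD variables instead, e.g. `-ssctoken "$FORTIFY_SSC_TOKEN" ... -uptoken "$FORTIFY_SSC_TOKEN"` and `--ssc.authToken="$FORTIFY_AUTH_TOKEN"` (these variable names are placeholders). All three commands also address the server as `http://fortify.gitsec.cn`, which sends those tokens in cleartext; switch to `https://` if the server offers it. The `GIT_TOKEN` and `CODESEC_TOKEN` values this commit deletes remain in history and need rotating as well. `allow_failure: true` on both jobs lets the pipeline pass when the scan or the report export fails, so add a comment such as `# scan is advisory only; failures do not block merges` if that is intended, or remove the setting.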