Commit 7d0fa4a4 in Uctoo, authored 2 years ago by 小 白蛋
Update .gitlab-ci.yml file
parent 790b876b
master
No related merge requests found
Pipeline #13352 failed with stage in 60 minutes and 1 second
Showing 1 changed file: .gitlab-ci.yml with 29 additions and 18 deletions
stages
:
-
source
#定义管道中的阶段
source
:
stage
:
source
image
:
"
repo.gitsec.cn/docker/sca_scanner:2.0.11"
#选择使用那个镜像
tags
:
-
k8s
-
sast
variables
:
# 用于触发codesec扫描的镜像
IMAGE_PATH
:
"
repo.gitsec.cn/docker/ssp-command:latest"
# 指定需要扫描的代码仓库
GIT_URL
:
"
https://git.gitsec.cn/baidan/uctoo.git"
# gitlab登录账号
GIT_ACCOUNT
:
"
baidan"
# 之前我们生成的项目token
GIT_TOKEN
:
"
L3sdRCdYYNeyjstnNDCN"
# git分支(版本号)指定(可以为空,默认使用master)
GIT_BRANCH
:
"
"
# 指定语言(1:Java;9:JavaScript)不指定为自动识别语言
LANGUAGE
:
"
"
# codesec登录token,需要联系相关负责人获取
CODESEC_TOKEN
:
"
eyJhbGciOiJIUzUxMiJ9.eyJub25jZSI6ImZmYTBjYjM1LTFlZjEtNGNhNC04YTEzLTQzYjhlY2I2ZTFjMyIsInN1YiI6ImZmYTBhMTllLWM0MmMtNGE4OC05YmVmLTEwOTAyOWI3YjI3NCJ9.K5lJQ8Lg_a40VMEKUMZtPg1tTFR0f8EhTjGnmgPoAbGF061bO95wO_bllLshe1kVeXo7rwHx0zKJLsOcLbE9Yg
"
# codesec服务地址,需要联系相关负责人获取
CODESEC_ADDRESS
:
"
https://sast.gitsec.cn"
# codesec是否需要通过https访问
CS_HTTPS_ENABLE
:
"
true"
sast
:
stage
:
sast
image
:
"
$IMAGE_PATH"
script
:
-
java -jar /opt/seczone/scanner.jar --filePath $PWD --parseFrom 4 --cliMode portal --projectName baidan --phase Phase_1 --onCache
true
--mergeMode FULL --retrunCheckReport
true
--token b3JnYWRtaW5Ac2Vjem9uZS5jbjpiOGNhMmRiZmE1YTA0ZmJlOTc3ZWI3YzZhZTcwODk4MA== --portalIp https://sca.seczone.cn/
#需要修改的值,token如果失效需要找管理员申请,portalIp为工具地址(该字段不用修改),filePath检测的文件目录,在k8s中为/builds/gitlab用户名/项目名称(例如“/builds/admin/MCMS”)projectName,项目名称修改成你想要的防止重复导致失败
-
ls;pwd
-
/opt/seczone/codesec/ssp-command/jre/bin/java -Doperation=createGit -DgitUrl="$GIT_URL" -DgitAccount="$GIT_ACCOUNT" -DgitToken="$GIT_TOKEN" -DcsToken="$CODESEC_TOKEN" -DcsAddress="$CODESEC_ADDRESS" -DcsHttpsEnable="$CS_HTTPS_ENABLE" -Dlanguage="$LANGUAGE" -DbranchName="$GIT_BRANCH" -jar /opt/seczone/codesec/ssp-command/lib/ssp-command.jar
artifacts
:
reports
:
dependency_scanning
:
vulReport.json
license_scanning
:
licenseReport.json
reports
:
sast
:
gl-sast-report.json
paths
:
-
licenseReport.json
-
vulReport.json
#读取检测结果不用修改
expire_in
:
3 day
\ No newline at end of file
-
gl-sast-report.json
expire_in
:
3 day
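Review bot: The variables block commits live credentials in plaintext: GIT_TOKEN and CODESEC_TOKEN are literal values, and the scanner.jar line under script passes --token as a literal as well (base64 is an encoding, not protection). Anyone who can read the repository can reuse them, and because the runner echoes script commands, the --token value also lands in the job log. Revoke all three, define them as masked, protected CI/CD variables in the project settings, and reference them here by name only, for example --token "$SCA_TOKEN" (a hypothetical variable name). The ssp-command line already reads "$GIT_TOKEN" and "$CODESEC_TOKEN" from variables, so only their definitions need to move out of this file; note that passing them as -D arguments still exposes them in the container's process list, so prefer an environment or file input if ssp-command supports one. Separately, IMAGE_PATH points at ssp-command:latest while the sca_scanner image is pinned to 2.0.11; pin this one too so the scan job is reproducible.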