Commit 7d0fa4a4 authored by 小 白蛋's avatar 小 白蛋

更新.gitlab-ci.yml文件

parent 790b876b
Pipeline #13352 failed with stage
in 60 minutes and 1 second
Showing with 29 additions and 18 deletions
+29 -18
stages:
- source
#定义管道中的阶段
source:
stage: source
image: "repo.gitsec.cn/docker/sca_scanner:2.0.11"
#选择使用那个镜像
tags:
- k8s
- sast
variables:
# 用于触发codesec扫描的镜像
IMAGE_PATH: "repo.gitsec.cn/docker/ssp-command:latest"
# 指定需要扫描的代码仓库
GIT_URL: "https://git.gitsec.cn/baidan/uctoo.git"
# gitlab登录账号
GIT_ACCOUNT: "baidan"
# 之前我们生成的项目token
GIT_TOKEN: "L3sdRCdYYNeyjstnNDCN"
# git分支(版本号)指定(可以为空,默认使用master)
GIT_BRANCH: ""
# 指定语言(1:Java;9:JavaScript)不指定为自动识别语言
LANGUAGE: ""
# codesec登录token,需要联系相关负责人获取
CODESEC_TOKEN: "eyJhbGciOiJIUzUxMiJ9.eyJub25jZSI6ImZmYTBjYjM1LTFlZjEtNGNhNC04YTEzLTQzYjhlY2I2ZTFjMyIsInN1YiI6ImZmYTBhMTllLWM0MmMtNGE4OC05YmVmLTEwOTAyOWI3YjI3NCJ9.K5lJQ8Lg_a40VMEKUMZtPg1tTFR0f8EhTjGnmgPoAbGF061bO95wO_bllLshe1kVeXo7rwHx0zKJLsOcLbE9Yg
"
# codesec服务地址,需要联系相关负责人获取
CODESEC_ADDRESS: "https://sast.gitsec.cn"
# codesec是否需要通过https访问
CS_HTTPS_ENABLE: "true"
sast:
stage: sast
image: "$IMAGE_PATH"
script:
- java -jar /opt/seczone/scanner.jar --filePath $PWD --parseFrom 4 --cliMode portal --projectName baidan --phase Phase_1 --onCache true --mergeMode FULL --retrunCheckReport true --token b3JnYWRtaW5Ac2Vjem9uZS5jbjpiOGNhMmRiZmE1YTA0ZmJlOTc3ZWI3YzZhZTcwODk4MA== --portalIp https://sca.seczone.cn/
#需要修改的值,token如果失效需要找管理员申请,portalIp为工具地址(该字段不用修改),filePath检测的文件目录,在k8s中为/builds/gitlab用户名/项目名称(例如“/builds/admin/MCMS”)projectName,项目名称修改成你想要的防止重复导致失败
- ls;pwd
- /opt/seczone/codesec/ssp-command/jre/bin/java -Doperation=createGit -DgitUrl="$GIT_URL" -DgitAccount="$GIT_ACCOUNT" -DgitToken="$GIT_TOKEN" -DcsToken="$CODESEC_TOKEN" -DcsAddress="$CODESEC_ADDRESS" -DcsHttpsEnable="$CS_HTTPS_ENABLE" -Dlanguage="$LANGUAGE" -DbranchName="$GIT_BRANCH" -jar /opt/seczone/codesec/ssp-command/lib/ssp-command.jar
artifacts:
reports:
dependency_scanning: vulReport.json
license_scanning: licenseReport.json
reports:
sast: gl-sast-report.json
paths:
- licenseReport.json
- vulReport.json
#读取检测结果不用修改
expire_in: 3 day
\ No newline at end of file
- gl-sast-report.json
expire_in: 3 day
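Review bot: The `variables:` block keeps `GIT_TOKEN` and `CODESEC_TOKEN` as literal values in the committed file, and the `java -jar /opt/seczone/scanner.jar` script line carries a literal `--token` value as well; the rendered page does not show which of these lines the commit added, but any credential that remains on the new side is readable by everyone with repository access and stays in history. Delete those two keys from `variables:` and define them as masked, protected variables in the project's CI/CD settings (the `ssp-command` line already reads `$GIT_TOKEN` and `$CODESEC_TOKEN`), change the scanner line to `--token "$SCA_TOKEN"` (placeholder variable name), and rotate all three tokens because they are already published. The closing quote of `CODESEC_TOKEN` sits on its own line, which, if the file is really written that way and this is not a rendering artifact, folds trailing whitespace into the token value. `IMAGE_PATH` uses the `:latest` tag, so pin it to a fixed version or digest the way the `sca_scanner:2.0.11` image is pinned.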