-
Notifications
You must be signed in to change notification settings - Fork 46
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
* chore: Fix broken unit tests * chore: Updated GitLab pipeline to work with latest fcli changes --------- Co-authored-by: kadraman <[email protected]>
- Loading branch information
Showing
13 changed files
with
282 additions
and
34 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,34 +1,51 @@ | ||
| # Comment/Uncomment the below depending on whether you are using Fortify on Demand | ||
| # or ScanCentral SAST/DAST. | ||
| include: | ||
| - local: '/devops-integrations/gitlab/debricked-sca.yml' | ||
| - local: '/devops-integrations/gitlab/fortify-sast-scancentral.yml' | ||
| - local: '/devops-integrations/gitlab/fortify-dast-scancentral.yml' | ||
| #- local: '/devops-integrations/gitlab/fortify-sast-fod.yml' | ||
|
|
||
| #- local: '/devops-integrations/gitlab/debricked-sca.yml' | ||
| #- local: '/devops-integrations/gitlab/fortify-sca.yml' | ||
| #- local: '/devops-integrations/gitlab/fortify-sast-scancentral.yml' | ||
| #- local: '/devops-integrations/gitlab/fortify-dast-api-scancentral.yml' | ||
| #- local: '/devops-integrations/gitlab/fortify-dast-web-scancentral.yml' | ||
| - local: '/devops-integrations/gitlab/fortify-sast-fod.yml' | ||
| - local: '/devops-integrations/gitlab/fortify-dast-fod.yml' | ||
| #- local: '/devops-integrations/gitlab/fortify-ssc-gate.yml' | ||
| - local: '/devops-integrations/gitlab/fortify-fod-gate.yml' | ||
|
|
||
| stages: | ||
| - build | ||
| - deploy | ||
| - test | ||
| - dast | ||
| - report | ||
|
|
||
| build: | ||
| stage: build | ||
| image: maven:3.8.6-eclipse-temurin-8 | ||
| image: maven:3.9-eclipse-temurin-11 | ||
|
|
||
| script: | ||
| script: | ||
| - echo Building project... | ||
| - mvn -Pjar clean package | ||
| - mvn -Dskip.unit.tests=false -DfailIfNoTests=false -Dtest="*,!PasswordConstraintValidatorTest,!UserServiceTest,!DefaultControllerTest" -P jar -B verify package --file pom.xml | ||
| - mvn dependency:tree | ||
| -DoutputFile=.debricked-maven-dependencies.tgf | ||
| -DoutputType=tgf | ||
| when: manual | ||
| #when: manual | ||
| artifacts: | ||
| paths: | ||
| - .debricked-maven-dependencies.tgf | ||
| - / | ||
| - .debricked-maven-dependencies.tgf | ||
| - target/surefire-reports/TEST-*.xml | ||
| expire_in: 3 days | ||
| when: on_success | ||
| reports: | ||
| junit: target/surefire-reports/TEST-*.xml | ||
| when: always | ||
|
|
||
| deploy: | ||
| stage: deploy | ||
| needs: [build] | ||
| script: | ||
| - echo 'Simulating deployment of application...' | ||
|
|
||
| functional-test: | ||
| stage: test | ||
| needs: [deploy] | ||
| script: | ||
| - echo 'Simulating functional test of application...' |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,13 +1,17 @@ | ||
| # Integrate Debricked software composition analysis into your Gitlab CICD pipeline | ||
| # The following Gitlab environment variables must be defined before using this job | ||
| # The following Gitab environment variables must be defined before using this job | ||
| # - $DEBRICKED_TOKEN | ||
| # - $DEBRICKED_REPO | ||
|
|
||
| debricked-sca: | ||
| debricked-scan: | ||
| image: maven:3.9-eclipse-temurin-11 | ||
| stage: test | ||
| script: | ||
| - curl -L https://github.com/debricked/cli/releases/download/release-v2/cli_linux_x86_64.tar.gz | tar -xz debricked | ||
| - ./debricked scan | ||
| needs: [build] | ||
| variables: | ||
| DEBRICKED_TOKEN: $DEBRICKED_TOKEN | ||
| DEBRICKED_TOKEN: $DEBRICKED_TOKEN | ||
| DEBRICKED_EXCLUSIONS: "*.lock,*.json,*fingerprints*,target/**,samples/**" | ||
| script: | ||
| - curl -L https://github.com/debricked/cli/releases/download/release-v2/cli_linux_x86_64.tar.gz | tar -xz debricked | ||
| - chmod +x debricked | ||
| - ./debricked scan --callgraph --prefer-npm -r "${DEBRICKED_REPO}" --access-token="${DEBRICKED_TOKEN}" . | ||
| allow_failure: true |
40 changes: 40 additions & 0 deletions
40
devops-integrations/gitlab/fortify-dast-api-scancentral.yml
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,40 @@ | ||
| # Integrate Fortify ScanCentral Dynamic AppSec Testing (DAST) into your Gitlab CICD pipeline | ||
| # The following Gitlab environment variables must be defined before using this job | ||
| # - $_FCLI_DEFAULT_SSC_URL | ||
| # - $_FCLI_DEFAULT_SSC_USER | ||
| # - $_FCLI_DEFAULT_SSC_PASSWORD | ||
| # - $SSC_APP_VERSION_ID | ||
| # - $SC_DAST_API_SETTINGS | ||
|
|
||
| fortify-dast-api: | ||
| image: fortifydocker/fortify-ci-tools:5.5.0-jdk-17 | ||
| stage: test | ||
| needs: [deploy] | ||
| only: | ||
| variables: | ||
| - $CI_COMMIT_BRANCH == "main" | ||
| variables: | ||
| FCLI_DEFAULT_SSC_USER: $_FCLI_DEFAULT_SSC_USER | ||
| FCLI_DEFAULT_SSC_PASSWORD: $_FCLI_DEFAULT_SSC_PASSWORD | ||
| FCLI_DEFAULT_SSC_CI_TOKEN: $_FCLI_DEFAULT_SSC_CI_TOKEN | ||
| FCLI_DEFAULT_SSC_URL: $_FCLI_DEFAULT_SSC_URL | ||
| SC_DAST_API_SETTINGS: $SC_DAST_API_SETTINGS | ||
| SC_DAST_SCAN_NAME: "GitLab-Pipelines-API-Scan" | ||
| script: | ||
| - fcli ssc session login | ||
| - fcli sc-dast session login | ||
|
|
||
| - fcli sc-dast scan start --name "$SC_DAST_SCAN_NAME" --settings $SC_DAST_API_SETTINGS --store=Id | ||
| - 'fcli sc-dast scan wait-for ::Id:: --interval=30s' | ||
|
|
||
| - fcli ssc issue count --appversion=$SSC_APP_VERSION_ID | ||
| - fcli ssc action run gitlab-dast-report --appversion=$SSC_APP_VERSION_ID --page-size=1000 | ||
|
|
||
| - fcli sc-dast session logout | ||
| - fcli ssc session logout | ||
| allow_failure: true | ||
| artifacts: | ||
| reports: | ||
| dast: gl-fortify-dast.json | ||
| expire_in: 3 days | ||
| when: always |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,39 @@ | ||
| # Integrate Fortify on Demand Dynamic AppSec Testing (DAST) into your Gitlab CICD pipeline | ||
| # The following Gitlab environment variables must be defined before using this job | ||
| # - $_FOD_RELEASE_ID | ||
| # - $_FCLI_DEFAULT_FOD_USER | ||
| # - $_FCLI_DEFAULT_FOD_PASSWORD | ||
| # - $_FCLI_DEFAULT_FOD_TENANT | ||
| # - $_FCLI_DEFAULT_FOD_URL | ||
| # Note: this assumes the FoD Release has already been configured for a DAST Automated Website scan | ||
|
|
||
| fortify-dast: | ||
| image: fortifydocker/fortify-ci-tools:5.5.0-jdk-17 | ||
| stage: test | ||
| needs: [deploy] | ||
| only: | ||
| variables: | ||
| - $CI_COMMIT_BRANCH == "main" | ||
| variables: | ||
| FCLI_DEFAULT_FOD_USER: $_FCLI_DEFAULT_FOD_USER | ||
| FCLI_DEFAULT_FOD_PASSWORD: $_FCLI_DEFAULT_FOD_PASSWORD | ||
| FCLI_DEFAULT_FOD_TENANT: $_FCLI_DEFAULT_FOD_TENANT | ||
| FCLI_DEFAULT_FOD_URL: $_FCLI_DEFAULT_FOD_URL | ||
| FOD_RELEASE_ID: $_FOD_RELEASE_ID | ||
| FOD_NOTES: "Triggered by Gitlab Pipeline IID $CI_PIPELINE_IID: $CI_PIPELINE_URL" | ||
| script: | ||
| - fcli fod session login | ||
|
|
||
| - fcli fod dast start --release=$FOD_RELEASE_ID --store=Id | ||
| - 'fcli fod dast wait-for ::Id:: --interval=30s' | ||
|
|
||
| - 'fcli fod issue list --release=$FOD_RELEASE_ID --filters-param "scanType:Dynamic+severty:Critical|High"' | ||
| - fcli fod action run gitlab-dast-report --release=$FOD_RELEASE_ID | ||
|
|
||
| - fcli fod session logout | ||
| allow_failure: true | ||
| artifacts: | ||
| reports: | ||
| dast: gl-fortify-dast.json | ||
| expire_in: 3 days | ||
| when: always |
40 changes: 40 additions & 0 deletions
40
devops-integrations/gitlab/fortify-dast-web-scancentral.yml
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,40 @@ | ||
| # Integrate Fortify ScanCentral Dynamic AppSec Testing (DAST) into your Gitlab CICD pipeline | ||
| # The following Gitlab environment variables must be defined before using this job | ||
| # - $_FCLI_DEFAULT_SSC_URL | ||
| # - $_FCLI_DEFAULT_SSC_USER | ||
| # - $_FCLI_DEFAULT_SSC_PASSWORD | ||
| # - $SSC_APP_VERSION_ID | ||
| # - $SC_DAST_WEB_SETTINGS | ||
|
|
||
| fortify-dast-web: | ||
| image: fortifydocker/fortify-ci-tools:5.5.0-jdk-17 | ||
| stage: test | ||
| needs: [deploy] | ||
| only: | ||
| variables: | ||
| - $CI_COMMIT_BRANCH == "main" | ||
| variables: | ||
| FCLI_DEFAULT_SSC_USER: $_FCLI_DEFAULT_SSC_USER | ||
| FCLI_DEFAULT_SSC_PASSWORD: $_FCLI_DEFAULT_SSC_PASSWORD | ||
| FCLI_DEFAULT_SSC_CI_TOKEN: $_FCLI_DEFAULT_SSC_CI_TOKEN | ||
| FCLI_DEFAULT_SSC_URL: $_FCLI_DEFAULT_SSC_URL | ||
| SC_DAST_WEB_SETTINGS: $SC_DAST_WEB_SETTINGS | ||
| SC_DAST_SCAN_NAME: "GitLab-Pipelines-Web-Scan" | ||
| script: | ||
| - fcli ssc session login | ||
| - fcli sc-dast session login | ||
|
|
||
| - fcli sc-dast scan start --name "$SC_DAST_SCAN_NAME" --settings $SC_DAST_WEB_SETTINGS --store=Id | ||
| - 'fcli sc-dast scan wait-for ::Id:: --interval=30s' | ||
|
|
||
| - fcli ssc issue count --appversion=$SSC_APP_VERSION_ID | ||
| - fcli ssc action run gitlab-dast-report --appversion=$SSC_APP_VERSION_ID --page-size=1000 | ||
|
|
||
| - fcli sc-dast session logout | ||
| - fcli ssc session logout | ||
| allow_failure: true | ||
| artifacts: | ||
| reports: | ||
| dast: gl-fortify-dast.json | ||
| expire_in: 3 days | ||
| when: always |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,25 @@ | ||
| # Integrate Fortify on Demand Static Security Gate into your Gitlab CICD pipeline | ||
| # The following Gitlab environment variables must be defined before using this job | ||
| # - $_FOD_RELEASE_ID | ||
| # - $_FCLI_DEFAULT_FOD_USER | ||
| # - $_FCLI_DEFAULT_FOD_PASSWORD | ||
| # - $_FCLI_DEFAULT_FOD_TENANT | ||
| # - $_FCLI_DEFAULT_FOD_URL | ||
|
|
||
| fortify-security-gate: | ||
| image: fortifydocker/fortify-ci-tools:5.5.0-jdk-17 | ||
| stage: report | ||
| variables: | ||
| FCLI_DEFAULT_FOD_USER: $_FCLI_DEFAULT_FOD_USER | ||
| FCLI_DEFAULT_FOD_PASSWORD: $_FCLI_DEFAULT_FOD_PASSWORD | ||
| FCLI_DEFAULT_FOD_TENANT: $_FCLI_DEFAULT_FOD_TENANT | ||
| FCLI_DEFAULT_FOD_URL: $_FCLI_DEFAULT_FOD_URL | ||
| FOD_RELEASE_ID: $_FOD_RELEASE_ID | ||
| FOD_NOTES: "Triggered by Gitlab Pipeline IID $CI_PIPELINE_IID: $CI_PIPELINE_URL" | ||
| script: | ||
| - fcli fod session login | ||
|
|
||
| - fcli fod action run release-summary --release=$FOD_RELEASE_ID | ||
| - fcli fod action run check-policy --release=$FOD_RELEASE_ID | ||
|
|
||
| - fcli fod session logout |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,51 @@ | ||
| # Integrate Debricked software composition analysis into your Gitlab CICD pipeline | ||
| # The following Gitlab environment variables must be defined before using this job | ||
| # - $DEBRICKED_TOKEN | ||
| # - $DEBRICKED_REPO | ||
| # - $_FCLI_DEFAULT_SSC_URL | ||
| # - $_FCLI_DEFAULT_SSC_USER | ||
| # - $_FCLI_DEFAULT_SSC_PASSWORD | ||
| # - $SSC_APP_VERSION_ID | ||
|
|
||
| debricked-scan: | ||
| image: maven:3.9-eclipse-temurin-11 | ||
| stage: test | ||
| needs: [build] | ||
| variables: | ||
| DEBRICKED_TOKEN: $DEBRICKED_TOKEN | ||
| DEBRICKED_EXCLUSIONS: "*.lock,*.json,*fingerprints*,target/**,samples/**" | ||
| script: | ||
| - curl -L https://github.com/debricked/cli/releases/download/release-v2/cli_linux_x86_64.tar.gz | tar -xz debricked | ||
| - chmod +x debricked | ||
| - ./debricked scan --callgraph --prefer-npm -r "${DEBRICKED_REPO}" --access-token="${DEBRICKED_TOKEN}" . | ||
| allow_failure: true | ||
|
|
||
| fortify-sca: | ||
| image: fortifydocker/fortify-ci-tools:5.5.0-jdk-17 | ||
| stage: test | ||
| needs: [debricked-scan] | ||
| variables: | ||
| FCLI_DEFAULT_SSC_USER: $_FCLI_DEFAULT_SSC_USER | ||
| FCLI_DEFAULT_SSC_PASSWORD: $_FCLI_DEFAULT_SSC_PASSWORD | ||
| FCLI_DEFAULT_SSC_URL: $_FCLI_DEFAULT_SSC_URL | ||
| script: | ||
| - fcli ssc session login | ||
|
|
||
| - fcli ssc artifact import-debricked --appversion=$SSC_APP_VERSION_ID --debricked-access-token=$DEBRICKED_TOKEN --repository=$DEBRICKED_REPO --branch=$CI_COMMIT_BRANCH --save-sbom-as=debricked-sbom.json --store=Id | ||
|
|
||
| - 'fcli ssc artifact wait-for ::Id:: --interval=30s' | ||
|
|
||
| - fcli ssc action run appversion-summary --appversion=$SSC_APP_VERSION_ID | ||
| - fcli ssc action run gitlab-debricked-report --appversion=$SSC_APP_VERSION_ID | ||
|
|
||
| - fcli ssc session logout | ||
| allow_failure: true | ||
| artifacts: | ||
| reports: | ||
| dependency_scanning: gl-fortify-debricked-depscan.json | ||
| #cyclonedx: debricked-sbom.json | ||
| paths: | ||
| - debricked-sbom.json | ||
| expire_in: 3 days | ||
| when: always | ||
|
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,23 @@ | ||
| # Integrate Fortify Software Security Center Gate into your Gitlab CICD pipeline | ||
| # The following Gitlab environment variables must be defined before using this job | ||
| # - $_FCLI_DEFAULT_SSC_CI_TOKEN | ||
| # - $_FCLI_DEFAULT_SSC_URL | ||
| # - $_FCLI_DEFAULT_SSC_USER | ||
| # - $_FCLI_DEFAULT_SSC_PASSWORD | ||
| # - $SSC_APP_VERSION_ID | ||
|
|
||
| fortify-security-gate: | ||
| image: fortifydocker/fortify-ci-tools:5.5.0-jdk-17 | ||
| stage: report | ||
| variables: | ||
| FCLI_DEFAULT_SSC_USER: $_FCLI_DEFAULT_SSC_USER | ||
| FCLI_DEFAULT_SSC_PASSWORD: $_FCLI_DEFAULT_SSC_PASSWORD | ||
| FCLI_DEFAULT_SSC_CI_TOKEN: $_FCLI_DEFAULT_SSC_CI_TOKEN | ||
| FCLI_DEFAULT_SSC_URL: $_FCLI_DEFAULT_SSC_URL | ||
| script: | ||
| - fcli ssc session login | ||
|
|
||
| - fcli ssc action run appversion-summary --appversion=$SSC_APP_VERSION_ID --filtersets="default" | ||
| - fcli ssc action run check-policy --appversion=$SSC_APP_VERSION_ID | ||
|
|
||
| - fcli ssc session logout |
Oops, something went wrong.