feat: Add GitLab Scanners

8331cd5c · Andrew Newdigate · 7079594a · 8331cd5c · 8331cd5c
Unverified Commit 8331cd5c authored 3 years ago by Andrew Newdigate
--- a/README.md
+++ b/README.md
@@ -4,6 +4,18 @@ This project includes reuseable GitLab-CI jobs for the GitLab Dedicated Project
  
 ## CI Jobs
  
+### `gitlab-scanners`
+
+This adds various GitLab SAST, Dependency Scanner, Secret Detection, Licence Scanning, Container Scanning and IAC Scanner tools.
+
+* Default Stage: `validate`
+
+```yaml
+include:
+  - project: 'gitlab-com/gl-infra/common-ci-tasks'
+    file: 'gitlab-scanners.yml'
+```
+
 ### `golangci_lint`
  
 * Default Stage: `validate`

--- a/gitlab-scanners.yml
+++ b/gitlab-scanners.yml
+include:
+  - template: Security/SAST.gitlab-ci.yml
+  - template: Security/Secret-Detection.gitlab-ci.yml
+  - template: Dependency-Scanning.gitlab-ci.yml
+  - template: Security/License-Scanning.gitlab-ci.yml
+  - template: Security/SAST-IaC.latest.gitlab-ci.yml
+
+sast:
+  stage: validate
+  needs: []
+
+".secret-analyzer":
+  stage: validate
+  needs: []
+
+# https://docs.gitlab.com/ee/user/application_security/dependency_scanning/
+dependency_scanning:
+  stage: validate
+  needs: []
+
+license_scanning:
+  stage: validate
+  needs: []
+
+# https://docs.gitlab.com/ee/user/application_security/iac_scanning/#configure-iac-scanning-manually
+iac-sast:
+  stage: validate
+  needs: []