-
Notifications
You must be signed in to change notification settings - Fork 43
/
.gitlab-ci.yml
51 lines (44 loc) · 979 Bytes
/
.gitlab-ci.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
include:
- project: 'prodsec/scp-scanning/gitlab-checkmarx'
ref: latest
file: '/templates/.sast_scan.yml'
- project: 'ci-cd/templates'
ref: master
file: '/prodsec/.oss-scan.yml'
image:
name: "docker-hub.repo.splunkdev.net/openjdk:11.0.11-9-jdk"
stages:
- build
- verify
- release
build:
stage: build
script:
- ./mvnw clean package -DskipTests=true
- ./mvnw verify
sast-scan:
stage: verify
rules:
- if: '$CI_COMMIT_REF_NAME == "main"'
extends: .sast_scan
variables:
SAST_SCANNER: "Semgrep"
# Fail build on high severity security vulnerabilities
alert_mode: "policy"
oss-scan:
stage: verify
rules:
- if: '$CI_COMMIT_REF_NAME == "main"'
extends: .oss-scan
snapshot:
stage: release
rules:
- if: '$CI_COMMIT_REF_NAME == "main"'
script:
- ./deploy.sh snapshot
release:
stage: release
rules:
- if: '$CI_COMMIT_TAG =~ /^v[0-9]+\.[0-9]+\.[0-9]+.*/'
script:
- ./deploy.sh release