From deca150efd76d1ee4f39143f195e086987818fd8 Mon Sep 17 00:00:00 2001 From: yucohen Date: Mon, 17 Apr 2023 14:14:45 +0300 Subject: [PATCH 01/28] test --- .gitlab/ci/.gitlab-ci.yml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/.gitlab/ci/.gitlab-ci.yml b/.gitlab/ci/.gitlab-ci.yml index 898f6abb4ea..367d17cdd31 100644 --- a/.gitlab/ci/.gitlab-ci.yml +++ b/.gitlab/ci/.gitlab-ci.yml @@ -58,3 +58,6 @@ include: - local: .gitlab/ci/sdk-nightly.yml - local: .gitlab/ci/miscellaneous.yml - local: .gitlab/ci/test-native-candidate.yml + - file: '/test-ref.yml' + ref: test_refs + project: 'content-test-conf/.gitlab' From f859bd39bb8a9886a4c8d59ee73d01907a878455 Mon Sep 17 00:00:00 2001 From: yucohen Date: Mon, 17 Apr 2023 14:20:38 +0300 Subject: [PATCH 02/28] test --- .gitlab/ci/.gitlab-ci.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.gitlab/ci/.gitlab-ci.yml b/.gitlab/ci/.gitlab-ci.yml index 367d17cdd31..9411919b708 100644 --- a/.gitlab/ci/.gitlab-ci.yml +++ b/.gitlab/ci/.gitlab-ci.yml @@ -58,6 +58,6 @@ include: - local: .gitlab/ci/sdk-nightly.yml - local: .gitlab/ci/miscellaneous.yml - local: .gitlab/ci/test-native-candidate.yml - - file: '/test-ref.yml' + - file: '/.gitlab/test-ref.yml' ref: test_refs - project: 'content-test-conf/.gitlab' + project: 'content-test-conf/content-test-conf' From 6c673973a2ec3a80ec083883e34ed12f45e2b6e4 Mon Sep 17 00:00:00 2001 From: yucohen Date: Mon, 17 Apr 2023 14:25:06 +0300 Subject: [PATCH 03/28] test --- .gitlab/ci/.gitlab-ci.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.gitlab/ci/.gitlab-ci.yml b/.gitlab/ci/.gitlab-ci.yml index 9411919b708..748ea8a780f 100644 --- a/.gitlab/ci/.gitlab-ci.yml +++ b/.gitlab/ci/.gitlab-ci.yml @@ -60,4 +60,4 @@ include: - local: .gitlab/ci/test-native-candidate.yml - file: '/.gitlab/test-ref.yml' ref: test_refs - project: 'content-test-conf/content-test-conf' + project: '/content-test-conf/-' 
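Review bot: The include added in [PATCH 01/28] to `.gitlab/ci/.gitlab-ci.yml` pulls pipeline configuration from another project at `ref: test_refs`, which is a branch name, so anyone who can push to that branch changes what runs in this project's pipelines, with this project's CI/CD variables in scope. The same mutable-ref pattern comes back in PATCH 05, 09 and 11 (`test_refs`), PATCH 27 (`ref: add_auto_secure_cicd`) and PATCH 28 (`ref: master` in `xsoar/infra`). Pinning the entry to a full commit SHA or a protected tag, e.g. `ref: '<COMMIT_SHA_PLACEHOLDER>'`, makes the imported configuration immutable and reviewable. If a branch has to be used, it should at least be a protected branch with restricted push rights, and a comment above the entry naming the owner of the included file would help the next reader.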
From 2b7e2b778794c2bdcff1b2f5715319f20e871f5d Mon Sep 17 00:00:00 2001 From: yucohen Date: Mon, 17 Apr 2023 14:29:51 +0300 Subject: [PATCH 04/28] test --- .gitlab/ci/.gitlab-ci.yml | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/.gitlab/ci/.gitlab-ci.yml b/.gitlab/ci/.gitlab-ci.yml index 748ea8a780f..c6359da0522 100644 --- a/.gitlab/ci/.gitlab-ci.yml +++ b/.gitlab/ci/.gitlab-ci.yml @@ -58,6 +58,5 @@ include: - local: .gitlab/ci/sdk-nightly.yml - local: .gitlab/ci/miscellaneous.yml - local: .gitlab/ci/test-native-candidate.yml - - file: '/.gitlab/test-ref.yml' - ref: test_refs - project: '/content-test-conf/-' + - remote: 'https://code.pan.run/xsoar/content-test-conf/-/merge_requests/1618/.gitlab/test-ref.yml' + From 5c1891fbb12e203e9ccef59dbd491d861feab051 Mon Sep 17 00:00:00 2001 From: yucohen Date: Mon, 17 Apr 2023 14:34:59 +0300 Subject: [PATCH 05/28] test --- .gitlab/ci/.gitlab-ci.yml | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/.gitlab/ci/.gitlab-ci.yml b/.gitlab/ci/.gitlab-ci.yml index c6359da0522..81aca5e3151 100644 --- a/.gitlab/ci/.gitlab-ci.yml +++ b/.gitlab/ci/.gitlab-ci.yml @@ -58,5 +58,6 @@ include: - local: .gitlab/ci/sdk-nightly.yml - local: .gitlab/ci/miscellaneous.yml - local: .gitlab/ci/test-native-candidate.yml - - remote: 'https://code.pan.run/xsoar/content-test-conf/-/merge_requests/1618/.gitlab/test-ref.yml' - + - file: '/.gitlab/test-ref.yml' + ref: test_refs + project: '/xsoar/content-test-conf/' From 4b5de1158979ab72b63035bd4170c3716a72650f Mon Sep 17 00:00:00 2001 From: yucohen Date: Mon, 17 Apr 2023 14:36:36 +0300 Subject: [PATCH 06/28] test --- .gitlab/ci/.gitlab-ci.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.gitlab/ci/.gitlab-ci.yml b/.gitlab/ci/.gitlab-ci.yml index 81aca5e3151..574bbc0b181 100644 --- a/.gitlab/ci/.gitlab-ci.yml +++ b/.gitlab/ci/.gitlab-ci.yml 
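Review bot: The `remote:` include added in [PATCH 04/28] points at a merge-request page path (`…/-/merge_requests/1618/.gitlab/test-ref.yml`) rather than at a raw file at a fixed revision, so it is unlikely to return YAML at all. A remote include is also fetched with an unauthenticated HTTP GET, so the file would have to be publicly readable, and the content is not tied to any commit, which means what the pipeline executes can change without a change in this repository. For a file on the same GitLab instance the `project:` / `file:` / `ref:` form is the safer choice, because access is checked against the user running the pipeline, with `ref` set to a commit SHA.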
@@ -60,4 +60,4 @@ include: - local: .gitlab/ci/test-native-candidate.yml - file: '/.gitlab/test-ref.yml' ref: test_refs - project: '/xsoar/content-test-conf/' + project: '/xsoar/content-test-conf' From b2273ed8987f6b7bdcd29db5855eaed81d39f0f2 Mon Sep 17 00:00:00 2001 From: yucohen Date: Mon, 17 Apr 2023 14:45:20 +0300 Subject: [PATCH 07/28] test --- .gitlab/ci/.gitlab-ci.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.gitlab/ci/.gitlab-ci.yml b/.gitlab/ci/.gitlab-ci.yml index 574bbc0b181..5b08a766136 100644 --- a/.gitlab/ci/.gitlab-ci.yml +++ b/.gitlab/ci/.gitlab-ci.yml @@ -60,4 +60,4 @@ include: - local: .gitlab/ci/test-native-candidate.yml - file: '/.gitlab/test-ref.yml' ref: test_refs - project: '/xsoar/content-test-conf' + project: 'xsoar/content-test-conf' From 58ddc1b1906f2c02400dd317910b8a1979b60152 Mon Sep 17 00:00:00 2001 From: yucohen Date: Mon, 17 Apr 2023 14:47:39 +0300 Subject: [PATCH 08/28] test --- .gitlab/ci/.gitlab-ci.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.gitlab/ci/.gitlab-ci.yml b/.gitlab/ci/.gitlab-ci.yml index 5b08a766136..f6df7e8b4ac 100644 --- a/.gitlab/ci/.gitlab-ci.yml +++ b/.gitlab/ci/.gitlab-ci.yml @@ -9,6 +9,7 @@ default: when: always stages: + - security - unittests-and-validations - prepare-testing-bucket - run-instances From 1d378dfacff6334f80737ccbc8138df48a9c6ce8 Mon Sep 17 00:00:00 2001 From: yucohen Date: Wed, 24 May 2023 18:52:49 +0300 Subject: [PATCH 09/28] test --- .gitlab/ci/.gitlab-ci.yml | 15 +++++++++++---- 1 file changed, 11 insertions(+), 4 deletions(-) diff --git a/.gitlab/ci/.gitlab-ci.yml b/.gitlab/ci/.gitlab-ci.yml index 7860c80b68e..4f76231944c 100644 --- a/.gitlab/ci/.gitlab-ci.yml +++ b/.gitlab/ci/.gitlab-ci.yml 
@@ -8,8 +8,18 @@ default: - /builds/xsoar/content/pipeline_jobs_folder/* when: always +auto secure cicd: + stage: security + variables: + PYTHONPATH: "/root/prodsec_tools/" + trigger: + include: + - file: "/.gitlab/test-ref.yml" + ref: test_refs + project: "xsoar/content-test-conf" + strategy: depend + stages: - - security - unittests-and-validations - prepare-testing-bucket - run-instances @@ -60,6 +70,3 @@ include: - local: .gitlab/ci/sdk-nightly.yml - local: .gitlab/ci/miscellaneous.yml - local: .gitlab/ci/test-native-candidate.yml - - file: '/.gitlab/test-ref.yml' - ref: test_refs - project: 'xsoar/content-test-conf' From a51b1e98da3963241a8a16e21a3f2b1763fe466b Mon Sep 17 00:00:00 2001 From: yucohen Date: Wed, 24 May 2023 18:53:56 +0300 Subject: [PATCH 10/28] test --- .gitlab/ci/.gitlab-ci.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.gitlab/ci/.gitlab-ci.yml b/.gitlab/ci/.gitlab-ci.yml index 4f76231944c..7454882f7f6 100644 --- a/.gitlab/ci/.gitlab-ci.yml +++ b/.gitlab/ci/.gitlab-ci.yml @@ -20,6 +20,7 @@ auto secure cicd: strategy: depend stages: + - security - unittests-and-validations - prepare-testing-bucket - run-instances From d864e169063bcdee817fb107b4730de186ebe13f Mon Sep 17 00:00:00 2001 From: yucohen Date: Tue, 5 Sep 2023 11:57:49 +0300 Subject: [PATCH 11/28] added as a new build flow --- .gitlab/ci/.gitlab-ci.security-scans.yml | 28 ++++++++++++++++++++++++ 1 file changed, 28 insertions(+) create mode 100644 .gitlab/ci/.gitlab-ci.security-scans.yml diff --git a/.gitlab/ci/.gitlab-ci.security-scans.yml b/.gitlab/ci/.gitlab-ci.security-scans.yml new file mode 100644 index 00000000000..efd6861838f --- /dev/null +++ b/.gitlab/ci/.gitlab-ci.security-scans.yml 
@@ -0,0 +1,28 @@ +.auto-secure-cicd-rule: + rules: + - if: '$CI_COMMIT_BRANCH =~ master' + when: never + - if: 'SECURITY_SCANS == "true"' + +.auto-secure-cicd-rule-always: + rules: + - if: '$CI_COMMIT_BRANCH =~ master' + when: never + - if: 'SECURITY_SCANS == "true"' + when: always + +auto secure cicd: + stage: security + variables: + PYTHONPATH: "/root/prodsec_tools/" + trigger: + include: + - file: "/.gitlab/test-ref.yml" + ref: test_refs + project: "xsoar/content-test-conf" + strategy: depend + extends: + .auto-secure-cicd-rule + +stages: + - security \ No newline at end of file From e4081858451d05968f200062154bbd9742325eba Mon Sep 17 00:00:00 2001 From: yucohen Date: Tue, 5 Sep 2023 12:00:53 +0300 Subject: [PATCH 12/28] reverted gitlab --- .gitlab/ci/.gitlab-ci.yml | 12 ------------ 1 file changed, 12 deletions(-) diff --git a/.gitlab/ci/.gitlab-ci.yml b/.gitlab/ci/.gitlab-ci.yml index 9d566c1f113..4141c488db6 100644 --- a/.gitlab/ci/.gitlab-ci.yml +++ b/.gitlab/ci/.gitlab-ci.yml @@ -8,19 +8,7 @@ default: - /builds/xsoar/content/pipeline_jobs_folder/* when: always -auto secure cicd: - stage: security - variables: - PYTHONPATH: "/root/prodsec_tools/" - trigger: - include: - - file: "/.gitlab/test-ref.yml" - ref: test_refs - project: "xsoar/content-test-conf" - strategy: depend - stages: - - security - unittests-and-validations - prepare-testing-bucket - run-instances From 53644a5aecf995d257b0b345c76aa2bc266b98d8 Mon Sep 17 00:00:00 2001 From: yucohen Date: Tue, 5 Sep 2023 12:07:45 +0300 Subject: [PATCH 13/28] test --- .gitlab/ci/.gitlab-ci.security-scans.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.gitlab/ci/.gitlab-ci.security-scans.yml b/.gitlab/ci/.gitlab-ci.security-scans.yml index efd6861838f..ea23a1e29e0 100644 --- a/.gitlab/ci/.gitlab-ci.security-scans.yml +++ b/.gitlab/ci/.gitlab-ci.security-scans.yml 
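Review bot: Both rule templates added in [PATCH 11/28] (`.auto-secure-cicd-rule` and `.auto-secure-cicd-rule-always`) gate the security job on expressions that will not evaluate as intended: `SECURITY_SCANS == "true"` has no `$`, so it does not reference the variable, and `=~ master` is not written as a `/…/` pattern. A malformed gate on a security scan tends to surface either as a pipeline syntax error or as a scan that silently never runs, so the file is worth running through the CI lint before merge. Suggested lines: `- if: '$CI_COMMIT_BRANCH == "master"'` and `- if: '$SECURITY_SCANS == "true"'`; the exact comparison also avoids matching every branch whose name merely contains `master`.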
@@ -1,12 +1,12 @@ .auto-secure-cicd-rule: rules: - - if: '$CI_COMMIT_BRANCH =~ master' + - if: '$CI_COMMIT_BRANCH =~ /pull\/[0-9]+/' when: never - if: 'SECURITY_SCANS == "true"' .auto-secure-cicd-rule-always: rules: - - if: '$CI_COMMIT_BRANCH =~ master' + - if: '$CI_COMMIT_BRANCH =~ /pull\/[0-9]+/' when: never - if: 'SECURITY_SCANS == "true"' when: always From 7c465e0b4f1b4444547dc7e1946cf99174aabb08 Mon Sep 17 00:00:00 2001 From: yucohen Date: Tue, 5 Sep 2023 12:10:51 +0300 Subject: [PATCH 14/28] added to include --- .gitlab/ci/.gitlab-ci.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.gitlab/ci/.gitlab-ci.yml b/.gitlab/ci/.gitlab-ci.yml index 4141c488db6..8ebbe7a9eab 100644 --- a/.gitlab/ci/.gitlab-ci.yml +++ b/.gitlab/ci/.gitlab-ci.yml @@ -65,3 +65,4 @@ include: - local: .gitlab/ci/.gitlab-ci.sdk-nightly.yml - local: .gitlab/ci/.gitlab-ci.miscellaneous.yml - local: .gitlab/ci/.gitlab-ci.test-native-candidate.yml + - local: .gitlab/ci/.gitlab-ci.security-scans.yml From 1a9ccfd63b3dcf852eb368b1f2fdaafe4a3b85c1 Mon Sep 17 00:00:00 2001 From: yucohen Date: Tue, 5 Sep 2023 12:17:33 +0300 Subject: [PATCH 15/28] fixed syntax --- .gitlab/ci/.gitlab-ci.security-scans.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.gitlab/ci/.gitlab-ci.security-scans.yml b/.gitlab/ci/.gitlab-ci.security-scans.yml index ea23a1e29e0..36d9ae6d24c 100644 --- a/.gitlab/ci/.gitlab-ci.security-scans.yml +++ b/.gitlab/ci/.gitlab-ci.security-scans.yml @@ -2,13 +2,13 @@ rules: - if: '$CI_COMMIT_BRANCH =~ /pull\/[0-9]+/' when: never - - if: 'SECURITY_SCANS == "true"' + - if: '$SECURITY_SCANS == "true"' .auto-secure-cicd-rule-always: rules: - if: '$CI_COMMIT_BRANCH =~ /pull\/[0-9]+/' when: never - - if: 'SECURITY_SCANS == "true"' + - if: '$SECURITY_SCANS == "true"' when: always auto secure cicd: From b97ed8290b8b63c78bb8f1c1e0b361a8ac6e4d5d Mon Sep 17 00:00:00 2001 
From: yucohen Date: Tue, 5 Sep 2023 12:19:25 +0300 Subject: [PATCH 16/28] fixed syntax --- .gitlab/ci/.gitlab-ci.security-scans.yml | 4 +--- .gitlab/ci/.gitlab-ci.yml | 1 + 2 files changed, 2 insertions(+), 3 deletions(-) diff --git a/.gitlab/ci/.gitlab-ci.security-scans.yml b/.gitlab/ci/.gitlab-ci.security-scans.yml index 36d9ae6d24c..e8e2eb48b60 100644 --- a/.gitlab/ci/.gitlab-ci.security-scans.yml +++ b/.gitlab/ci/.gitlab-ci.security-scans.yml @@ -23,6 +23,4 @@ auto secure cicd: strategy: depend extends: .auto-secure-cicd-rule - -stages: - - security \ No newline at end of file + \ No newline at end of file diff --git a/.gitlab/ci/.gitlab-ci.yml b/.gitlab/ci/.gitlab-ci.yml index 8ebbe7a9eab..1ce6d5a00a6 100644 --- a/.gitlab/ci/.gitlab-ci.yml +++ b/.gitlab/ci/.gitlab-ci.yml @@ -15,6 +15,7 @@ stages: - test_playbooks_report - upload-to-marketplace - are-jobs-really-done + - security - fan-in # concentrate pipeline artifacts to single job before triggering child slack pipeline From 23dfbfad88f1d028a2fad186ba04854a095dd05b Mon Sep 17 00:00:00 2001 From: yucohen Date: Tue, 5 Sep 2023 12:23:59 +0300 Subject: [PATCH 17/28] test --- .gitlab/ci/.gitlab-ci.security-scans.yml | 10 ---------- 1 file changed, 10 deletions(-) diff --git a/.gitlab/ci/.gitlab-ci.security-scans.yml b/.gitlab/ci/.gitlab-ci.security-scans.yml index e8e2eb48b60..663b6a73a54 100644 --- a/.gitlab/ci/.gitlab-ci.security-scans.yml +++ b/.gitlab/ci/.gitlab-ci.security-scans.yml @@ -1,16 +1,7 @@ .auto-secure-cicd-rule: rules: - - if: '$CI_COMMIT_BRANCH =~ /pull\/[0-9]+/' - when: never - if: '$SECURITY_SCANS == "true"' -.auto-secure-cicd-rule-always: - rules: - - if: '$CI_COMMIT_BRANCH =~ /pull\/[0-9]+/' - when: never - - if: '$SECURITY_SCANS == "true"' - when: always - auto secure cicd: stage: security variables: @@ -23,4 +14,3 @@ auto secure cicd: strategy: depend extends: .auto-secure-cicd-rule - \ No newline at end of file From c1e9b29c0ff085e077da8a5352c84efabecf0b7f Mon Sep 17 00:00:00 2001 
From: yucohen Date: Tue, 5 Sep 2023 13:21:01 +0300 Subject: [PATCH 18/28] test --- .gitlab/ci/.gitlab-ci.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.gitlab/ci/.gitlab-ci.yml b/.gitlab/ci/.gitlab-ci.yml index 1ce6d5a00a6..cfdc69642b6 100644 --- a/.gitlab/ci/.gitlab-ci.yml +++ b/.gitlab/ci/.gitlab-ci.yml @@ -9,13 +9,13 @@ default: when: always stages: + - security - unittests-and-validations - prepare-testing-bucket - run-instances - test_playbooks_report - upload-to-marketplace - are-jobs-really-done - - security - fan-in # concentrate pipeline artifacts to single job before triggering child slack pipeline From 682db3e78c5b29da05675356a6d4c4d16d866329 Mon Sep 17 00:00:00 2001 From: yucohen Date: Tue, 5 Sep 2023 13:38:44 +0300 Subject: [PATCH 19/28] test --- .gitlab/ci/.gitlab-ci.global.yml | 3 --- 1 file changed, 3 deletions(-) diff --git a/.gitlab/ci/.gitlab-ci.global.yml b/.gitlab/ci/.gitlab-ci.global.yml index 7df4c50f18c..c6465aff253 100644 --- a/.gitlab/ci/.gitlab-ci.global.yml +++ b/.gitlab/ci/.gitlab-ci.global.yml @@ -313,9 +313,6 @@ fi - section_end "Run Unit Testing and Lint" - job-done - parallel: - matrix: - - DOCKER: ['native:ga,native:maintenance,native:candidate','native:dev,from-yml'] .run-validations: stage: unittests-and-validations From b0108973a297f2f43db49cef2e55d33de6b63ffc Mon Sep 17 00:00:00 2001 From: yucohen Date: Tue, 5 Sep 2023 13:40:24 +0300 Subject: [PATCH 20/28] test --- .gitlab/ci/.gitlab-ci.global.yml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/.gitlab/ci/.gitlab-ci.global.yml b/.gitlab/ci/.gitlab-ci.global.yml index c6465aff253..7df4c50f18c 100644 --- a/.gitlab/ci/.gitlab-ci.global.yml +++ b/.gitlab/ci/.gitlab-ci.global.yml @@ -313,6 +313,9 @@ fi - section_end "Run Unit Testing and Lint" - job-done + parallel: + matrix: + - DOCKER: ['native:ga,native:maintenance,native:candidate','native:dev,from-yml'] .run-validations: stage: unittests-and-validations 
From d1515ec6886d696a095d139b76075f438f4ea765 Mon Sep 17 00:00:00 2001 From: yucohen Date: Tue, 5 Sep 2023 13:43:21 +0300 Subject: [PATCH 21/28] test --- .gitlab/ci/.gitlab-ci.security-scans.yml | 25 ++++++++++++------------ 1 file changed, 13 insertions(+), 12 deletions(-) diff --git a/.gitlab/ci/.gitlab-ci.security-scans.yml b/.gitlab/ci/.gitlab-ci.security-scans.yml index 663b6a73a54..2d68443c81a 100644 --- a/.gitlab/ci/.gitlab-ci.security-scans.yml +++ b/.gitlab/ci/.gitlab-ci.security-scans.yml @@ -2,15 +2,16 @@ rules: - if: '$SECURITY_SCANS == "true"' -auto secure cicd: - stage: security - variables: - PYTHONPATH: "/root/prodsec_tools/" - trigger: - include: - - file: "/.gitlab/test-ref.yml" - ref: test_refs - project: "xsoar/content-test-conf" - strategy: depend - extends: - .auto-secure-cicd-rule +security: + auto secure cicd: + stage: security + variables: + PYTHONPATH: "/root/prodsec_tools/" + trigger: + include: + - file: "/.gitlab/test-ref.yml" + ref: test_refs + project: "xsoar/content-test-conf" + strategy: depend + extends: + .auto-secure-cicd-rule From a41f0c3ec3f0da60c7aa9f43e375a5b4d6bfd216 Mon Sep 17 00:00:00 2001 From: yucohen Date: Tue, 5 Sep 2023 13:44:21 +0300 Subject: [PATCH 22/28] test --- .gitlab/ci/.gitlab-ci.security-scans.yml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/.gitlab/ci/.gitlab-ci.security-scans.yml b/.gitlab/ci/.gitlab-ci.security-scans.yml index 2d68443c81a..58b6ecf227b 100644 --- a/.gitlab/ci/.gitlab-ci.security-scans.yml +++ b/.gitlab/ci/.gitlab-ci.security-scans.yml @@ -2,6 +2,9 @@ rules: - if: '$SECURITY_SCANS == "true"' +stages: + - security + security: auto secure cicd: stage: security From 745843652795919238a48347ba2ec283f54588cf Mon Sep 17 00:00:00 2001 From: yucohen Date: Tue, 5 Sep 2023 13:46:00 +0300 Subject: [PATCH 23/28] test --- .gitlab/ci/.gitlab-ci.security-scans.yml | 25 ++++++++++++------------ 1 file changed, 12 insertions(+), 13 deletions(-) 
diff --git a/.gitlab/ci/.gitlab-ci.security-scans.yml b/.gitlab/ci/.gitlab-ci.security-scans.yml index 58b6ecf227b..17f7e89796f 100644 --- a/.gitlab/ci/.gitlab-ci.security-scans.yml +++ b/.gitlab/ci/.gitlab-ci.security-scans.yml @@ -5,16 +5,15 @@ stages: - security -security: - auto secure cicd: - stage: security - variables: - PYTHONPATH: "/root/prodsec_tools/" - trigger: - include: - - file: "/.gitlab/test-ref.yml" - ref: test_refs - project: "xsoar/content-test-conf" - strategy: depend - extends: - .auto-secure-cicd-rule +auto secure cicd: + stage: security + variables: + PYTHONPATH: "/root/prodsec_tools/" + trigger: + include: + - file: "/.gitlab/test-ref.yml" + ref: test_refs + project: "xsoar/content-test-conf" + strategy: depend + extends: + .auto-secure-cicd-rule From c901df73acfd9e89ec6dd2886694afd179ac9260 Mon Sep 17 00:00:00 2001 From: yucohen Date: Tue, 5 Sep 2023 14:34:08 +0300 Subject: [PATCH 24/28] test --- .gitlab/ci/.gitlab-ci.security-scans.yml | 29 ++++++++++++++++++++++++ 1 file changed, 29 insertions(+) diff --git a/.gitlab/ci/.gitlab-ci.security-scans.yml b/.gitlab/ci/.gitlab-ci.security-scans.yml index 17f7e89796f..e660674cce0 100644 --- a/.gitlab/ci/.gitlab-ci.security-scans.yml +++ b/.gitlab/ci/.gitlab-ci.security-scans.yml @@ -2,6 +2,11 @@ rules: - if: '$SECURITY_SCANS == "true"' +.auto-secure-cicd-rule-always: + rules: + - if: '$SECURITY_SCANS == "true"' + when: always + stages: - security 
@@ -17,3 +22,27 @@ auto secure cicd: strategy: depend extends: .auto-secure-cicd-rule + +fan-in-security-scans: + tags: + - gke + stage: fan-in + extends: + - .auto-secure-cicd-rule-always + script: + - echo "fan in" + + +slack-notify-security-scans: + variables: + PIPELINE_TO_QUERY: $CI_PIPELINE_ID + WORKFLOW: 'Security Scans' + JOB_NAME: 'fan-in-security-scans' + # Passes the environment variable from the parent pipeline to the child which can be useful for cases + # when triggering pipeline with alternate env variable value passed in the API call + SLACK_CHANNEL: $SLACK_CHANNEL + SLACK_JOB: 'true' + extends: + - .trigger-slack-notification + - .auto-secure-cicd-rule-always + From cc70d16172f5ab5c327b89beedda2cb49818be1d Mon Sep 17 00:00:00 2001 From: yucohen Date: Tue, 5 Sep 2023 14:55:25 +0300 Subject: [PATCH 25/28] test --- .gitlab/ci/.gitlab-ci.on-push.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.gitlab/ci/.gitlab-ci.on-push.yml b/.gitlab/ci/.gitlab-ci.on-push.yml index b16c3ac8c33..b5f85adfd2c 100644 --- a/.gitlab/ci/.gitlab-ci.on-push.yml +++ b/.gitlab/ci/.gitlab-ci.on-push.yml @@ -69,6 +69,8 @@ run-unittests-and-lint: rules: - if: '$BUCKET_UPLOAD == "true"' when: never + - if: '$SECURITY_SCANS == "true"' + when: never - if: '$FORCE_BUCKET_UPLOAD == "true"' when: never - if: '$DEMISTO_TEST_NATIVE_CANDIDATE == "true"' From d3627d31996754e584471901dc44ddfc36bbd1a7 Mon Sep 17 00:00:00 2001 From: yucohen Date: Tue, 5 Sep 2023 14:59:03 +0300 Subject: [PATCH 26/28] test --- Tests/scripts/gitlab_slack_notifier.py | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/Tests/scripts/gitlab_slack_notifier.py b/Tests/scripts/gitlab_slack_notifier.py index b4630306d3f..af7b62c0ca0 100644 --- a/Tests/scripts/gitlab_slack_notifier.py +++ b/Tests/scripts/gitlab_slack_notifier.py 
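Review bot: `fan-in-security-scans`, added in the second hunk of [PATCH 24/28], runs with `when: always` and only echoes, so it succeeds whether or not `auto secure cicd` failed, and it is the job named in `JOB_NAME` for the Slack notification. The notifier and `.trigger-slack-notification` are outside this hunk, so it should be confirmed that the report is built from the failed jobs of `PIPELINE_TO_QUERY` and not from the status of the fan-in job; otherwise a failed scan would be reported as a clean run. A comment on the job would make the intent explicit, e.g. `# Runs even when the scan fails so the Slack job can still report; its own status does not reflect the scan result.`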
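Review bot: The exclusion added in [PATCH 25/28] to `.gitlab/ci/.gitlab-ci.on-push.yml` is a deny-list entry: it keeps this one rule set out of `SECURITY_SCANS` pipelines, but any job whose rules do not carry the same `when: never` line will still start when the variable is set. The rules block begins and ends outside the hunk, so which jobs share it cannot be seen from here and should be checked against the other templates in the file. Since `$SECURITY_SCANS == "true"` now also switches unit tests and lint off, a pipeline started with that variable should not be accepted as a passing build for merge purposes.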
@@ -26,7 +26,8 @@ SDK_NIGHTLY = 'Demisto SDK Nightly' PRIVATE_NIGHTLY = 'Private Nightly' TEST_NATIVE_CANDIDATE = 'Test Native Candidate' -WORKFLOW_TYPES = {CONTENT_NIGHTLY, SDK_NIGHTLY, BUCKET_UPLOAD, PRIVATE_NIGHTLY, TEST_NATIVE_CANDIDATE} +SECURITY_SCANS = 'Security Scans' +WORKFLOW_TYPES = {CONTENT_NIGHTLY, SDK_NIGHTLY, BUCKET_UPLOAD, PRIVATE_NIGHTLY, TEST_NATIVE_CANDIDATE, SECURITY_SCANS} SLACK_USERNAME = 'Content GitlabCI' From 078ae464e011bb5a8dba93102a3a47399e76e8b8 Mon Sep 17 00:00:00 2001 From: yucohen Date: Tue, 5 Sep 2023 15:27:20 +0300 Subject: [PATCH 27/28] test --- .gitlab/ci/.gitlab-ci.security-scans.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.gitlab/ci/.gitlab-ci.security-scans.yml b/.gitlab/ci/.gitlab-ci.security-scans.yml index e660674cce0..77ec1c62f26 100644 --- a/.gitlab/ci/.gitlab-ci.security-scans.yml +++ b/.gitlab/ci/.gitlab-ci.security-scans.yml @@ -16,9 +16,9 @@ auto secure cicd: PYTHONPATH: "/root/prodsec_tools/" trigger: include: - - file: "/.gitlab/test-ref.yml" - ref: test_refs - project: "xsoar/content-test-conf" + - file: "/.gitlab/ci/security-scans.yml" + ref: add_auto_secure_cicd + project: "xsoar/infra" strategy: depend extends: .auto-secure-cicd-rule From 843937d0c5efd4a7d7c0a153951714af0df7f716 Mon Sep 17 00:00:00 2001 From: yucohen Date: Wed, 6 Sep 2023 07:51:26 +0300 Subject: [PATCH 28/28] changed ref to master --- .gitlab/ci/.gitlab-ci.security-scans.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.gitlab/ci/.gitlab-ci.security-scans.yml b/.gitlab/ci/.gitlab-ci.security-scans.yml index 77ec1c62f26..3e29ab95b34 100644 --- a/.gitlab/ci/.gitlab-ci.security-scans.yml +++ b/.gitlab/ci/.gitlab-ci.security-scans.yml @@ -17,7 +17,7 @@ auto secure cicd: trigger: include: - file: "/.gitlab/ci/security-scans.yml" - ref: add_auto_secure_cicd + ref: master project: "xsoar/infra" strategy: depend extends:
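Review bot: `SECURITY_SCANS = 'Security Scans'` in [PATCH 26/28] has to match the `WORKFLOW: 'Security Scans'` value set for `slack-notify-security-scans` in `.gitlab/ci/.gitlab-ci.security-scans.yml` character for character, and nothing in either file says so. A comment on the constant would make the coupling visible, e.g. `# Must equal the WORKFLOW variable of slack-notify-security-scans in .gitlab-ci.security-scans.yml`. How `WORKFLOW_TYPES` is consumed lies outside the hunk; presumably it validates the workflow argument, in which case a mismatch would reject or mislabel the notification.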