Security scans #25915

Merged
merged 47 commits into from
Sep 6, 2023
Commits
47 commits
deca150
test
yucohen Apr 17, 2023
f859bd3
test
yucohen Apr 17, 2023
6c67397
test
yucohen Apr 17, 2023
2b7e2b7
test
yucohen Apr 17, 2023
5c1891f
test
yucohen Apr 17, 2023
4b5de11
test
yucohen Apr 17, 2023
b2273ed
test
yucohen Apr 17, 2023
58ddc1b
test
yucohen Apr 17, 2023
1fab1d3
Merge branch 'master' into test_info
yucohen Apr 20, 2023
bba6040
Merge remote-tracking branch 'origin/master' into test_info
yucohen Apr 24, 2023
90281b6
Merge remote-tracking branch 'origin/master' into test_info
yucohen Apr 27, 2023
3406964
Merge remote-tracking branch 'origin/master' into test_info
yucohen Apr 30, 2023
38bb7b3
Merge branch 'master' into test_info
yucohen May 4, 2023
841a4bd
Merge branch 'master' into test_info
yucohen May 22, 2023
ee16846
Merge remote-tracking branch 'origin/master' into test_info
yucohen May 24, 2023
1d378df
test
yucohen May 24, 2023
a51b1e9
test
yucohen May 24, 2023
664ca32
Merge branch 'master' into test_info
yucohen May 30, 2023
8af9247
Merge branch 'master' into test_info
yucohen May 31, 2023
e224371
Merge branch 'master' into test_info
yucohen Jun 4, 2023
5fdefb5
Merge branch 'master' into test_info
yucohen Jul 6, 2023
4c96425
Merge branch 'master' into test_info
yucohen Jul 24, 2023
a254c4e
Merge branch 'master' into test_info
yucohen Jul 26, 2023
e5c75f8
Merge branch 'master' into test_info
yucohen Aug 2, 2023
e0b4390
Merge branch 'master' into test_info
yucohen Aug 16, 2023
5d30654
Merge branch 'master' into test_info
yucohen Aug 24, 2023
b8de48b
Merge branch 'master' into test_info
yucohen Aug 27, 2023
c348f40
Merge branch 'master' into test_info
yucohen Sep 4, 2023
d864e16
added as a new build flow
yucohen Sep 5, 2023
e408185
reverted gitlab
yucohen Sep 5, 2023
53644a5
test
yucohen Sep 5, 2023
7c465e0
added to include
yucohen Sep 5, 2023
1a9ccfd
fixed syntax
yucohen Sep 5, 2023
b97ed82
fixed syntax
yucohen Sep 5, 2023
23dfbfa
test
yucohen Sep 5, 2023
c1e9b29
test
yucohen Sep 5, 2023
682db3e
test
yucohen Sep 5, 2023
b010897
test
yucohen Sep 5, 2023
d1515ec
test
yucohen Sep 5, 2023
a41f0c3
test
yucohen Sep 5, 2023
7458436
test
yucohen Sep 5, 2023
c901df7
test
yucohen Sep 5, 2023
cc70d16
test
yucohen Sep 5, 2023
d3627d3
test
yucohen Sep 5, 2023
078ae46
test
yucohen Sep 5, 2023
843937d
changed ref to master
yucohen Sep 6, 2023
807e738
Merge remote-tracking branch 'origin/master' into test_info
yucohen Sep 6, 2023
2 changes: 2 additions & 0 deletions .gitlab/ci/.gitlab-ci.on-push.yml
Expand Up @@ -69,6 +69,8 @@ run-unittests-and-lint:
rules:
- if: '$BUCKET_UPLOAD == "true"'
when: never
- if: '$SECURITY_SCANS == "true"'
when: never
- if: '$FORCE_BUCKET_UPLOAD == "true"'
when: never
- if: '$DEMISTO_TEST_NATIVE_CANDIDATE == "true"'
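
Review bot: The `$SECURITY_SCANS == "true"` / `when: never` pair is added only to the rule list shown under `run-unittests-and-lint`, so any other on-push job that carries its own `rules:` would still start in a security-scan pipeline. If such jobs exist in this file, give them the same entry, or move the exclusion into a shared hidden rule that they extend. The comparison is an exact string match, so a trigger that passes `True` or `1` would not be excluded; a one-line comment naming the expected value would help.
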
48 changes: 48 additions & 0 deletions .gitlab/ci/.gitlab-ci.security-scans.yml
@@ -0,0 +1,48 @@
.auto-secure-cicd-rule:
rules:
- if: '$SECURITY_SCANS == "true"'

.auto-secure-cicd-rule-always:
rules:
- if: '$SECURITY_SCANS == "true"'
when: always

stages:
- security

auto secure cicd:
stage: security
variables:
PYTHONPATH: "/root/prodsec_tools/"
trigger:
include:
- file: "/.gitlab/ci/security-scans.yml"
ref: master
project: "xsoar/infra"
strategy: depend
extends:
.auto-secure-cicd-rule

fan-in-security-scans:
tags:
- gke
stage: fan-in
extends:
- .auto-secure-cicd-rule-always
script:
- echo "fan in"


slack-notify-security-scans:
variables:
PIPELINE_TO_QUERY: $CI_PIPELINE_ID
WORKFLOW: 'Security Scans'
JOB_NAME: 'fan-in-security-scans'
# Passes the environment variable from the parent pipeline to the child which can be useful for cases
# when triggering pipeline with alternate env variable value passed in the API call
SLACK_CHANNEL: $SLACK_CHANNEL
SLACK_JOB: 'true'
extends:
- .trigger-slack-notification
- .auto-secure-cicd-rule-always
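
Review bot: In `auto secure cicd`, `trigger: include` pulls `/.gitlab/ci/security-scans.yml` from `ref: master` of `xsoar/infra`, a moving branch, so whatever is on that branch at trigger time defines the child pipeline that runs here, and a given scan run cannot be reproduced later. Consider pinning `ref:` to a tag or commit SHA, or add a comment stating that tracking `master` is intentional and that the branch is protected. Minor style point: `extends:` on this job is a bare scalar while the two jobs below it use the list form; use one form throughout the file.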

2 changes: 2 additions & 0 deletions .gitlab/ci/.gitlab-ci.yml
Expand Up @@ -9,6 +9,7 @@ default:
when: always

stages:
- security
- unittests-and-validations
- prepare-testing-bucket
- run-instances
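
Review bot: `security` is added to the global `stages:` list here, while `.gitlab-ci.security-scans.yml` in this same PR also declares a top-level `stages:` that contains only `security`. Keep the declaration in one place, preferably here: `fan-in-security-scans` uses `stage: fan-in`, which the list in the included file does not name, so that list is misleading when the file is read on its own.
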
Expand Down Expand Up @@ -68,3 +69,4 @@ include:
- local: .gitlab/ci/.gitlab-ci.sdk-nightly.yml
- local: .gitlab/ci/.gitlab-ci.miscellaneous.yml
- local: .gitlab/ci/.gitlab-ci.test-native-candidate.yml
- local: .gitlab/ci/.gitlab-ci.security-scans.yml
3 changes: 2 additions & 1 deletion Tests/scripts/gitlab_slack_notifier.py
Expand Up @@ -26,7 +26,8 @@
SDK_NIGHTLY = 'Demisto SDK Nightly'
PRIVATE_NIGHTLY = 'Private Nightly'
TEST_NATIVE_CANDIDATE = 'Test Native Candidate'
WORKFLOW_TYPES = {CONTENT_NIGHTLY, SDK_NIGHTLY, BUCKET_UPLOAD, PRIVATE_NIGHTLY, TEST_NATIVE_CANDIDATE}
SECURITY_SCANS = 'Security Scans'
WORKFLOW_TYPES = {CONTENT_NIGHTLY, SDK_NIGHTLY, BUCKET_UPLOAD, PRIVATE_NIGHTLY, TEST_NATIVE_CANDIDATE, SECURITY_SCANS}
SLACK_USERNAME = 'Content GitlabCI'

