-
Notifications
You must be signed in to change notification settings - Fork 0
/
.gitlab-ci.yml
41 lines (39 loc) · 1.09 KB
/
.gitlab-ci.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
stages:
- sonarqube-check
- sonarqube-vulnerability-report
sonarqube-check:
stage: sonarqube-check
image:
name: sonarsource/sonar-scanner-cli:5.0
entrypoint: [""]
variables:
SONAR_USER_HOME: "${CI_PROJECT_DIR}/.sonar" # Defines the location of the analysis task cache
GIT_DEPTH: "0" # Tells git to fetch all the branches of the project, required by the analysis task
cache:
key: "${CI_JOB_NAME}"
paths:
- .sonar/cache
script:
- sonar-scanner
allow_failure: true
only:
- merge_requests
- master
- main
- develop
sonarqube-vulnerability-report:
stage: sonarqube-vulnerability-report
script:
- 'curl -u "${SONAR_TOKEN}:" "${SONAR_HOST_URL}/api/issues/gitlab_sast_export?projectKey=davi-qubee_python-flask-demo_AYvczJwnvZxH4p6_14EG&branch=${CI_COMMIT_BRANCH}&pullRequest=${CI_MERGE_REQUEST_IID}" -o gl-sast-sonar-report.json'
allow_failure: true
only:
- merge_requests
- master
- main
- develop
artifacts:
expire_in: 1 day
reports:
sast: gl-sast-sonar-report.json
dependencies:
- sonarqube-check