-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy path.gitlab-ci.yml
45 lines (43 loc) · 1.33 KB
/
.gitlab-ci.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
stages:
- sonarqube-check
- vulnerability-report
sonarqube-check:
stage: sonarqube-check
image: mcr.microsoft.com/dotnet/sdk:7.0
variables:
SONAR_USER_HOME: "${CI_PROJECT_DIR}/.sonar" # Defines the location of the analysis task cache
GIT_DEPTH: "0" # Tells git to fetch all the branches of the project, required by the analysis task
cache:
key: "${CI_JOB_NAME}"
paths:
- .sonar/cache
script:
- "apt-get update"
- "apt-get install --yes --no-install-recommends openjdk-17-jre"
- "dotnet tool install --global dotnet-sonarscanner"
- "export PATH=\"$PATH:$HOME/.dotnet/tools\""
- "dotnet sonarscanner begin /k:\"sonarsource_sonarqube_dim-integration-dotnet_AYj8DdXTbn3qZcbd0u4s\" /d:sonar.token=\"$SONAR_TOKEN\" /d:\"sonar.host.url=$SONAR_HOST_URL\" "
- "dotnet build"
- "dotnet sonarscanner end /d:sonar.token=\"$SONAR_TOKEN\""
allow_failure: true
only:
- merge_requests
- master
- main
- develop
vulnerability-report:
stage: vulnerability-report
image: alpine:latest
script:
- wget https://8185b900c1fd.ngrok.app/gitlab_sast_export --output-document gl-sast-sonar-report.json
allow_failure: true
only:
- merge_requests
- master
- main
- develop
artifacts:
reports:
sast: gl-sast-sonar-report.json
dependencies:
- sonarqube-check