semgrep-ci.yml 675 Bytes
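# GitLab CI job that runs Semgrep static analysis during the test stage.
semgrep_check:
    # The image name is taken from the WM_APPSEC_SEMGREP_IMAGE CI/CD variable.
    image: docker-registry.wikimedia.org/${WM_APPSEC_SEMGREP_IMAGE}
    stage: test
    # Security-related job should not be allowed to fail.
    # NOTE(review): a plain semgrep scan exits 0 when it reports findings
    # unless --error is passed, so with the options below this setting only
    # blocks on tool or runtime errors. Confirm whether findings are meant
    # to fail the pipeline.
    allow_failure: false

    variables:
        # Default Semgrep flags, used when no override is supplied.
        SEMGREP_OPTIONS: '--metrics=off --time --exclude=vendor --exclude=node_modules --config=r/php'

    before_script:
        - apt-get update -yqq
        # NOTE(review): semgrep is installed unpinned, so the scanner version
        # can change between runs; consider pinning a reviewed version.
        - python3 -m pip install semgrep
        - |
          # WM_APPSEC_SEMGREP_OPTIONS replaces the default flags entirely, so
          # an override must carry its own --config and --metrics settings.
          # The test is quoted: an unquoted multi-word value makes `[` fail
          # with "too many arguments" and the override is silently skipped.
          if [ -n "${WM_APPSEC_SEMGREP_OPTIONS:-}" ]; then
            SEMGREP_OPTIONS="${WM_APPSEC_SEMGREP_OPTIONS}"
            # Print the effective flags so the job log records what ran.
            printf '%s\n' "${SEMGREP_OPTIONS}"
          fi

    script:
        # Unquoted on purpose: the value must word-split into separate flags.
        - semgrep ${SEMGREP_OPTIONS}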