Commits · 19429f71c4443f9354321a0551759de1361d1018 · repos / security / Gitlab CI Security Templates

22 Dec, 2021 2 commits
- Revert allow_failure = false · 19429f71
  SBassett authored Dec 22, 2021
  
  19429f71
- Test allow failure · 362bd4c6
  SBassett authored Dec 22, 2021
  
  362bd4c6
21 Dec, 2021 2 commits
- Add default semgrep ci template file · 6be9dc7f
  SBassett authored Dec 21, 2021
```
(still needs more work)

Bug: T297991
```
  6be9dc7f
- Delete README.md · b034a540
  SBassett authored Dec 21, 2021
  
  b034a540
18 Dec, 2021 1 commit
- Remove --package-lock-only, needs node_modules, apparently · ea7da978
  SBassett authored Dec 18, 2021
  
  ea7da978
17 Dec, 2021 17 commits
- Tabs to spaces, ugh · 77236235
  SBassett authored Dec 17, 2021
  
  77236235
- Refactor various npm-related security templates · 858a5865
  SBassett authored Dec 17, 2021
```
* Remove version-based directory structure
* Add single, per-tool ci template files, based upon configurable
  docker-registry.wikimedia.org images (via new env var)
* Update ci templates to support multiple, nested package/-lock.json files
* Add support for configurable tool options (via new env var)
* Other misc. cleanup
```
  858a5865
- Remove debug opts · 7b5e07d4
  SBassett authored Dec 17, 2021
  
  7b5e07d4
- Hopefully this works now given type in calling gitlab-ci.yml :/ · 2e306338
  SBassett authored Dec 17, 2021
  
  2e306338
- Test external env variable in variables: directive · b01c1170
  SBassett authored Dec 17, 2021
  
  b01c1170
- More testing of environment variables · 0f2c6345
  SBassett authored Dec 17, 2021
  
  0f2c6345
- More testing of variable expansion and assignment · fd43310b
  SBassett authored Dec 17, 2021
  
  fd43310b
- More testing of variable expansion and assignment · 70eecfc1
  SBassett authored Dec 17, 2021
  
  70eecfc1
- Try this debug output · 18541e68
  SBassett authored Dec 17, 2021
  
  18541e68
- More debugging of variable assignment and expansion · e737911f
  SBassett authored Dec 17, 2021
  
  e737911f
- See if gitlab ci likes this kind of variable expansion/assignment · 69f2318f
  SBassett authored Dec 17, 2021
  
  69f2318f
- Echo npm audit options var to make sure the override logic is actually working · ab38c3ae
  SBassett authored Dec 17, 2021
  
  ab38c3ae
- * One last attempt at echoing newlines in gitlab ci console output · fb7e8f6f
  SBassett authored Dec 17, 2021
```
* Re-work logic for npm audit options variable checks
```
  fb7e8f6f
- * This appears to be the only way to echo newlines for gitlab ci console output :/ · da3a63e1
  SBassett authored Dec 17, 2021
  
  da3a63e1
- * Add separate echo statements instead of newlines, which is apparently how... · f9198216
  SBassett authored Dec 17, 2021
```
* Add separate echo statements instead of newlines, which is apparently how this must be done in gitlab ci console output :/
* Add support for WM_APPSEC_NPM_AUDIT_OPTION variable to override default secteam npm audit options
```
  f9198216
- * Use env var to specify specific docker-registry.w.o image · b8605f6c
  SBassett authored Dec 17, 2021
```
* Try different approach to echo newlines (may not work)
* Add review msg if at least one vulnerable package.json exists
```
  b8605f6c
- More testing of trapping exit · ddf56264
  SBassett authored Dec 17, 2021
  
  ddf56264
16 Dec, 2021 6 commits
- More testing of exit code trapping · a230ad65
  SBassett authored Dec 16, 2021
  
  a230ad65
- More testing of trapping exit codes · 71e62164
  SBassett authored Dec 16, 2021
  
  71e62164
- More testing of exit code trapping · 1763c70f
  SBassett authored Dec 16, 2021
  
  1763c70f
- Continued testing of trapped exit codes for multiple package.jsons · de966d73
  SBassett authored Dec 16, 2021
  
  de966d73
- More testing of trapping of exit codes into cumulative var · d232dff7
  SBassett authored Dec 16, 2021
  
  d232dff7
- Try this method to trap exit codes... · a70594d9
  SBassett authored Dec 16, 2021
  
  a70594d9
14 Dec, 2021 12 commits
- Add echo of current package.json/package-lock.json file · 4a9d3380
  SBassett authored Dec 14, 2021
  
  4a9d3380
- Add echo of current package.json/package-lock.json file · 1dc1a8d4
  SBassett authored Dec 14, 2021
  
  1dc1a8d4
- Try another echo pattern, ugh. · f530631f
  SBassett authored Dec 14, 2021
  
  f530631f
- Try more dashes? · 33ca0b4c
  SBassett authored Dec 14, 2021
  
  33ca0b4c
- Separate echoes for newlines? · d32249b9
  SBassett authored Dec 14, 2021
  
  d32249b9
- Do more newlines work or no? · 1a6666b7
  SBassett authored Dec 14, 2021
  
  1a6666b7
- More formatting for echo of specific package.json/package-lock.json file · 79e0105b
  SBassett authored Dec 14, 2021
  
  79e0105b
- Echo specific package.json/package-lock.json file path above audit-ci run · 851affb3
  SBassett authored Dec 14, 2021
  
  851affb3
- * Add apt-get install for git · 235f7be0
  SBassett authored Dec 14, 2021
  
  235f7be0
- Try test-browser image... · e3acea6c
  SBassett authored Dec 14, 2021
  
  e3acea6c
- Update node14 image to -test · 4969d6f2
  SBassett authored Dec 14, 2021
  
  4969d6f2
- * Change image to correct node14 image · da6252da
  SBassett authored Dec 14, 2021
```
* Remove user commands as those aren't supported here, apparently (https://gitlab.com/gitlab-org/gitlab-runner/-/issues/2750)
```
  da6252da