Commits · 237ee0cf3a3e9aaa549879048060c7464e993a13 · repos / security / Gitlab CI Security Templates

24 Dec, 2021 3 commits
- Quote WM_APPSEC_SEMGREP_OPTIONS var for test · 237ee0cf
  SBassett authored Dec 24, 2021
  
  237ee0cf
- Add debug here... · a68ee97c
  SBassett authored Dec 24, 2021
  
  a68ee97c
- * Add debug echo · 1a49d43b
  SBassett authored Dec 24, 2021
```
* Remove comment and whitespace from before_script var stuff
```
  1a49d43b
23 Dec, 2021 2 commits
- Try r/php instead for config... · c015e86b
  SBassett authored Dec 23, 2021
  
  c015e86b
- semgrep definitely doesn't like quotes around the policy... · f1455801
  SBassett authored Dec 23, 2021
  
  f1455801
22 Dec, 2021 13 commits
- Try quoted php policy for --config · 007450db
  SBassett authored Dec 22, 2021
  
  007450db
- Try config=auto · e711078f
  SBassett authored Dec 22, 2021
  
  e711078f
- * Remove single quotes · 289405cb
  SBassett authored Dec 22, 2021
```
* Move config opts to end
```
  289405cb
- * Single-quote opts values · 6b1826ed
  SBassett authored Dec 22, 2021
```
* Different debug
```
  6b1826ed
- Debug semgrep options · 2ffca66e
  SBassett authored Dec 22, 2021
  
  2ffca66e
- rm --verbose, too obnoxious as a default · 1c1f370e
  SBassett authored Dec 22, 2021
  
  1c1f370e
- errant forward-slash be gone! · ab096854
  SBassett authored Dec 22, 2021
  
  ab096854
- Can't upgrade something that hasn't been installed :) · 4626b785
  SBassett authored Dec 22, 2021
  
  4626b785
- Shouldn't actually need git just yet... · cf3c212d
  SBassett authored Dec 22, 2021
  
  cf3c212d
- Fix typo - too many colons for stage directive :/ · 4a08d512
  SBassett authored Dec 22, 2021
  
  4a08d512
- Update "default" Wikimedia semgrep SAST image · 60adf193
  SBassett authored Dec 22, 2021
  
  60adf193
- Revert allow_failure = false · 19429f71
  SBassett authored Dec 22, 2021
  
  19429f71
- Test allow failure · 362bd4c6
  SBassett authored Dec 22, 2021
  
  362bd4c6
21 Dec, 2021 2 commits
- Add default semgrep ci template file · 6be9dc7f
  SBassett authored Dec 21, 2021
```
(still needs more work)

Bug: T297991
```
  6be9dc7f
- Delete README.md · b034a540
  SBassett authored Dec 21, 2021
  
  b034a540
18 Dec, 2021 1 commit
- Remove --package-lock-only, needs node_modules, apparently · ea7da978
  SBassett authored Dec 18, 2021
  
  ea7da978
17 Dec, 2021 17 commits
- Tabs to spaces, ugh · 77236235
  SBassett authored Dec 17, 2021
  
  77236235
- Refactor various npm-related security templates · 858a5865
  SBassett authored Dec 17, 2021
```
* Remove version-based directory structure
* Add single, per-tool ci template files, based upon configurable
  docker-registry.wikimedia.org images (via new env var)
* Update ci templates to support multiple, nested package/-lock.json files
* Add support for configurable tool options (via new env var)
* Other misc. cleanup
```
  858a5865
- Remove debug opts · 7b5e07d4
  SBassett authored Dec 17, 2021
  
  7b5e07d4
- Hopefully this works now given type in calling gitlab-ci.yml :/ · 2e306338
  SBassett authored Dec 17, 2021
  
  2e306338
- Test external env variable in variables: directive · b01c1170
  SBassett authored Dec 17, 2021
  
  b01c1170
- More testing of environment variables · 0f2c6345
  SBassett authored Dec 17, 2021
  
  0f2c6345
- More testing of variable expansion and assignment · fd43310b
  SBassett authored Dec 17, 2021
  
  fd43310b
- More testing of variable expansion and assignment · 70eecfc1
  SBassett authored Dec 17, 2021
  
  70eecfc1
- Try this debug output · 18541e68
  SBassett authored Dec 17, 2021
  
  18541e68
- More debugging of variable assignment and expansion · e737911f
  SBassett authored Dec 17, 2021
  
  e737911f
- See if gitlab ci likes this kind of variable expansion/assignment · 69f2318f
  SBassett authored Dec 17, 2021
  
  69f2318f
- Echo npm audit options var to make sure the override logic is actually working · ab38c3ae
  SBassett authored Dec 17, 2021
  
  ab38c3ae
- * One last attempt at echoing newlines in gitlab ci console output · fb7e8f6f
  SBassett authored Dec 17, 2021
```
* Re-work logic for npm audit options variable checks
```
  fb7e8f6f
- * This appears to be the only way to echo newlines for gitlab ci console output :/ · da3a63e1
  SBassett authored Dec 17, 2021
  
  da3a63e1
- * Add separate echo statements instead of newlines, which is apparently how... · f9198216
  SBassett authored Dec 17, 2021
```
* Add separate echo statements instead of newlines, which is apparently how this must be done in gitlab ci console output :/
* Add support for WM_APPSEC_NPM_AUDIT_OPTION variable to override default secteam npm audit options
```
  f9198216
- * Use env var to specify specific docker-registry.w.o image · b8605f6c
  SBassett authored Dec 17, 2021
```
* Try different approach to echo newlines (may not work)
* Add review msg if at least one vulnerable package.json exists
```
  b8605f6c
- More testing of trapping exit · ddf56264
  SBassett authored Dec 17, 2021
  
  ddf56264
16 Dec, 2021 2 commits
- More testing of exit code trapping · a230ad65
  SBassett authored Dec 16, 2021
  
  a230ad65
- More testing of trapping exit codes · 71e62164
  SBassett authored Dec 16, 2021
  
  71e62164