11stages :
2- - sbom
3- - security-scan
4-
2+ - security
53
64# # -------------- Security Pipeline ---------------- ##
5+
76sbom-creation :
8- stage : sbom
9- rules :
10- - if : $CI_PIPELINE_SOURCE == "web"
11- when : always
12- - if : $CI_COMMIT_REF_NAME == $CI_DEFAULT_BRANCH
13- when : always
14- - when : never
7+ stage : security
158 image :
169 name : ${SBOM_IMAGE}
1710 entrypoint : ['']
@@ -22,26 +15,35 @@ sbom-creation:
2215 paths :
2316 - sbom.cyclonedx.json
2417 expire_in : 1 days
25-
18+ rules :
19+ - if : $CI_PIPELINE_SOURCE == "web"
20+ when : on_success
21+ - if : $CI_COMMIT_REF_NAME == $CI_DEFAULT_BRANCH
22+ when : on_success
23+ - when : never
24+
2625security-scan :
26+ stage : security
27+ needs :
28+ - job : sbom-creation
29+ artifacts : true
30+ trigger :
31+ include :
32+ - project : $SECURITY_PIPELINE_PROJECT
33+ file : security_pipeline.yaml
34+ ref : $SECURITY_PIPELINE_REF
35+ forward :
36+ pipeline_variables : true
37+ yaml_variables : true
2738 variables :
2839 APPSECHUB_PARENT_PIPELINE_ID : $CI_PIPELINE_ID
2940 APPSECHUB_SCA_SBOM_GENERATOR : custom
3041 APPSECHUB_SBOM_PATH : sbom.cyclonedx.json
3142 APPSECHUB_SBOM_MASK : ' *bom*.json'
3243 CUSTOM_SBOM_GENERATOR_JOB_NAME : sbom-creation
3344 rules :
34- - if : $CI_COMMIT_REF_NAME == $CI_DEFAULT_BRANCH
35- when : always
3645 - if : $CI_PIPELINE_SOURCE == "web"
37- when : always
46+ when : on_success
47+ - if : $CI_COMMIT_REF_NAME == $CI_DEFAULT_BRANCH
48+ when : on_success
3849 - when : never
39- stage : security-scan
40- trigger :
41- include :
42- - project : ' devsecops3000Pro/public/pipelines/security-pipeline'
43- file : ' security_pipeline.yaml'
44- ref : ' master'
45- forward :
46- pipeline_variables : true
47- yaml_variables : true
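Review bot: The `security-scan` trigger now takes its include from `$SECURITY_PIPELINE_PROJECT` and `$SECURITY_PIPELINE_REF`, and neither variable is defined in the visible file, so the origin of the scan definition can no longer be reviewed here. The job's rules admit `$CI_PIPELINE_SOURCE == "web"` runs, and manually supplied pipeline variables normally take precedence over project-level ones, so someone starting a pipeline by hand can probably redirect the scan to another project or ref unless overriding is restricted in the project settings. I would keep the project path as a literal, as the removed lines did, and pin the ref to a tag or commit instead of a branch, e.g. `ref: <pinned-tag-or-sha>`. If the variables stay, add a comment above `trigger:` such as `# SECURITY_PIPELINE_PROJECT and SECURITY_PIPELINE_REF must be set as protected group/project variables and not overridden per run`. The retained `forward:` block with `pipeline_variables: true` also passes every manually supplied variable to the downstream pipeline, which is worth confirming is intended.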