# Test GitLab CI configuration for Socket Security Dashboard integration
# Rename to .gitlab-ci.yml to activate, or create a test pipeline in GitLab UI
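stages:
  # `security` must come before `test`: validate_gitlab_report (stage: test)
  # declares `dependencies: [socket_security_test]` (stage: security), and
  # GitLab only lets a job pull artifacts from jobs in earlier stages — with
  # `test` listed first the pipeline is rejected at validation time.
  - security
  - test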
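# Test 1: Install from branch and generate report
socket_security_test:
  stage: security
  image: python:3.11
  before_script:
    - pip install --upgrade pip
    # Install directly from the git branch.
    # NOTE(review): a branch ref is mutable, so two runs of this pipeline can
    # install different code; pin to a commit (@<commit-sha>, placeholder —
    # take the SHA from the repo) once the branch has settled.
    - pip install git+https://github.com/SocketDev/socket-python-cli.git@mucha-dev-gitlab-security-output
  script:
    - echo "Testing GitLab Security Dashboard integration..."
    - socketcli --version
    - socketcli --help | grep "gitlab-security"
    # SOCKET_API_TOKEN is a CI/CD variable: keep it marked "masked" (and
    # "protected" if only protected branches should be able to use it) so it
    # is redacted from the job log. It is quoted so that an unset variable
    # yields an empty argument instead of letting --api-token swallow --repo.
    - |
      socketcli \
        --api-token "$SOCKET_API_TOKEN" \
        --repo socket-python-cli \
        --target-path . \
        --enable-gitlab-security \
        --gitlab-security-file gl-dependency-scanning-report.json
    - echo "Verifying report was generated..."
    - ls -lh gl-dependency-scanning-report.json
    - echo "Report contents preview:"
    # head reads the file directly; no need to pipe it through cat
    - head -50 gl-dependency-scanning-report.json
  artifacts:
    reports:
      # Registers the file as a dependency-scanning report for the
      # Security Dashboard / merge-request widget
      dependency_scanning: gl-dependency-scanning-report.json
    paths:
      - gl-dependency-scanning-report.json
    expire_in: 1 week
  only:
    - branches
  allow_failure: false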
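# Test 2: Validate report schema
validate_gitlab_report:
  # Consumes the artifact of socket_security_test, so `security` has to be an
  # earlier stage than `test` in `stages:` — GitLab rejects artifact
  # dependencies on jobs from later stages.
  stage: test
  image: python:3.11
  dependencies:
    - socket_security_test
  script:
    - echo "Validating GitLab Security report structure..."
    # The heredoc delimiter is quoted, so the shell expands nothing inside
    # the Python source. Failures exit via sys.exit with a named field rather
    # than an assert traceback (asserts are also stripped under python -O).
    - |
      python3 << 'VALIDATE'
      import json
      import sys

      REPORT = 'gl-dependency-scanning-report.json'


      def fail(msg):
          """Abort the job with a readable message instead of a traceback."""
          sys.exit(f"✗ {msg}")


      def field(mapping, key, where):
          """Return mapping[key], failing with the field's name if it is absent."""
          if not isinstance(mapping, dict) or key not in mapping:
              fail(f"Missing '{key}' in {where}")
          return mapping[key]


      with open(REPORT) as f:
          report = json.load(f)

      # Top-level keys required by the GitLab dependency-scanning report schema
      version = field(report, 'version', 'report')
      scan = field(report, 'scan', 'report')
      vulns = field(report, 'vulnerabilities', 'report')

      # Scan metadata: type plus the analyzer/scanner IDs this CLI is expected to emit
      scan_type = field(scan, 'type', 'scan')
      if scan_type != 'dependency_scanning':
          fail(f"Invalid scan type: {scan_type}")
      if field(scan, 'analyzer', 'scan').get('id') != 'socket-security':
          fail("Invalid analyzer ID")
      if field(scan, 'scanner', 'scan').get('id') != 'socket-cli':
          fail("Invalid scanner ID")

      print("✓ Report structure is valid")
      print(f"✓ Schema version: {version}")
      print(f"✓ Scan type: {scan_type}")
      print(f"✓ Vulnerabilities found: {len(vulns)}")

      if vulns:
          print("\nFirst 3 vulnerabilities:")
          for i, vuln in enumerate(vulns[:3], 1):
              # Nested location keys are optional in practice; .get() keeps the
              # preview from crashing the validation on a sparse entry
              dep = vuln.get('location', {}).get('dependency', {})
              pkg = dep.get('package', {}).get('name')
              print(f"  {i}. {vuln.get('severity')}: {vuln.get('name')}")
              print(f"     Package: {pkg}@{dep.get('version')}")

      print("\n✅ GitLab report validation successful!")
      VALIDATE
  only:
    - branches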
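# Test 3: Multiple formats simultaneously
test_multiple_formats:
  stage: security
  image: python:3.11
  before_script:
    # NOTE(review): a branch ref is mutable; pin to a commit (@<commit-sha>,
    # placeholder — take the SHA from the repo) for reproducible installs.
    - pip install git+https://github.com/SocketDev/socket-python-cli.git@mucha-dev-gitlab-security-output
  script:
    - echo "Testing multiple output formats..."
    # Create the output directory up front rather than assuming socketcli
    # creates missing parents for --gitlab-security-file (idempotent, harmless
    # if it does).
    - mkdir -p reports
    # stdout and stderr of the CLI go to json-output.txt, which is published
    # as an artifact — this assumes the CLI never echoes the token or other
    # credentials in its diagnostics; confirm before keeping the artifact.
    # The token variable is quoted so an unset value cannot make --api-token
    # consume the following flag.
    - |
      socketcli \
        --api-token "$SOCKET_API_TOKEN" \
        --repo socket-python-cli \
        --target-path . \
        --enable-json \
        --enable-gitlab-security \
        --gitlab-security-file reports/gitlab-security.json > json-output.txt 2>&1
    - echo "Verifying both formats were generated..."
    - ls -lh reports/gitlab-security.json
    # Each `grep -q … && echo …` line exits non-zero when the marker is
    # absent, which fails the job; allow_failure: true below keeps that from
    # blocking the pipeline.
    - grep -q "vulnerabilities" reports/gitlab-security.json && echo "✓ GitLab report contains vulnerabilities field"
    # "scan_failed" is used here as the marker that JSON output was written
    - grep -q "scan_failed" json-output.txt && echo "✓ JSON output was generated"
  artifacts:
    paths:
      - reports/gitlab-security.json
      - json-output.txt
    expire_in: 1 day
  only:
    - branches
  allow_failure: true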