
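# Bitbucket Pipelines: run the Data Theorem SAST scanner on pushes to `main`
# and on every pull request. DT_SAST_API_KEY must be supplied as a secured
# repository variable; never place the key in this file.
image: atlassian/default-image:3

pipelines:
  branches:
    main:
      - step:
          name: 'Data Theorem SAST'
          # Production scanner image — the branch step previously pointed at the
          # *-dev image while the pull-request step below used production.
          # `:latest` is a mutable tag; pin to a digest
          # (`...datatheorem-sast@sha256:<DIGEST>`) so the scanner that runs is
          # the one that was reviewed.
          image: us-central1-docker.pkg.dev/prod-scandal-us/datatheorem-sast/datatheorem-sast:latest
          script:
            # Analyzer inputs, mapped from Bitbucket's predefined variables.
            - export DT_SAST_API_KEY=$DT_SAST_API_KEY
            - export DT_SAST_REPOSITORY_NAME=$BITBUCKET_REPO_FULL_NAME
            - export DT_SAST_REPOSITORY_PLATFORM=BITBUCKET
            - export DT_SAST_REPOSITORY_ID=$BITBUCKET_REPO_UUID
            - export DT_SAST_REPOSITORY_HTML_URL=$BITBUCKET_GIT_HTTP_ORIGIN
            # Hard-coded; change if the repository's default branch is not `main`.
            - export DT_SAST_REPOSITORY_DEFAULT_BRANCH_NAME="main"
            - data_theorem_sast_analyzer scan ./

  pull-requests:
    "**":
      - step:
          name: 'Data Theorem SAST'
          # Same image as the branch step; pin to a digest (see above).
          image: us-central1-docker.pkg.dev/prod-scandal-us/datatheorem-sast/datatheorem-sast:latest
          script:
            - export DT_SAST_API_KEY=$DT_SAST_API_KEY
            - export DT_SAST_REPOSITORY_NAME=$BITBUCKET_REPO_FULL_NAME
            - export DT_SAST_REPOSITORY_PLATFORM=BITBUCKET
            - export DT_SAST_REPOSITORY_ID=$BITBUCKET_REPO_UUID
            - export DT_SAST_REPOSITORY_HTML_URL=$BITBUCKET_GIT_HTTP_ORIGIN
            # Hard-coded; change if the repository's default branch is not `main`.
            - export DT_SAST_REPOSITORY_DEFAULT_BRANCH_NAME="main"
            # Head and destination commits of the pull request being scanned.
            - export DT_SAST_SCAN_HEAD_REF=$BITBUCKET_COMMIT
            - export DT_SAST_SCAN_TARGET_REF=$BITBUCKET_PR_DESTINATION_COMMIT
            # Only set for pull requests, not for the `main` step above —
            # presumably makes the step fail when the scan reports findings;
            # confirm against the analyzer's documentation.
            - export DT_SAST_FAIL_MODE=true
            - data_theorem_sast_analyzer scan ./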

GitLab pipeline example

Set the Data Theorem API Key as a secret variable

Go to your project > Settings > CI/CD > Variables

Add a variable named DT_SAST_API_KEY with the value retrieved in step 1, and make sure the Protected and Masked options are checked so the key is only exposed to pipelines on protected branches and tags and is masked in job logs.

Note: the GitLab job that runs the Data Theorem SAST step must be picked up by a runner that uses the Docker executor.

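# GitLab CI: run the Data Theorem SAST scanner in a dedicated stage.
# DT_SAST_API_KEY comes from the protected, masked CI/CD variable configured
# above; never hard-code it here.
stages:
  - security-scan

datatheorem-sast-scan-job:
  tags:
    # Must match a runner that uses the Docker executor; adjust to the tag
    # used on your GitLab instance.
    - gitlab-runner-docker
  stage: security-scan
  # Production scanner image (the example previously used the *-dev image).
  # `:latest` is a mutable tag; pin to a digest
  # (`...datatheorem-sast@sha256:<DIGEST>`) so the scanner that runs is the one
  # that was reviewed. (Trailing whitespace after the tag also removed.)
  image: us-central1-docker.pkg.dev/prod-scandal-us/datatheorem-sast/datatheorem-sast:latest
  script:
    - echo $CI_COMMIT_REF_NAME $CI_COMMIT_BRANCH
    # Analyzer inputs, mapped from GitLab's predefined CI variables.
    - export DT_SAST_API_KEY=$DT_SAST_API_KEY
    - export DT_SAST_REPOSITORY_NAME=$CI_PROJECT_PATH
    - export DT_SAST_REPOSITORY_PLATFORM="GITLAB_ON_PREM"
    - export DT_SAST_REPOSITORY_ID=$CI_PROJECT_ID
    - export DT_SAST_REPOSITORY_HTML_URL=$CI_PROJECT_URL
    - export DT_SAST_REPOSITORY_DEFAULT_BRANCH_NAME=$CI_DEFAULT_BRANCH
    # CI_COMMIT_BRANCH is unset in merge-request and tag pipelines, so the
    # head ref would be empty there; either restrict this job to branch
    # pipelines with `rules:` or pass the commit SHA (CI_COMMIT_SHA) instead
    # if those pipelines should also be scanned.
    - export DT_SAST_SCAN_HEAD_REF=$CI_COMMIT_BRANCH
    - data_theorem_sast_analyzer scan ./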