...
Code Block |
---|
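# GitLab CI configuration that runs the Data Theorem SAST analyzer container
# against the checked-out repository: one job for pushes to the default
# branch, one for merge requests.
#
# DT_SAST_API_KEY must already exist in the job environment. Define it as a
# masked CI/CD variable in the project or group settings and never commit its
# value to this file. If the variable is also marked "protected", GitLab only
# passes it to pipelines on protected branches and tags, so the merge-request
# job may run without it.
stages:
  - security-scan

# Scans the default branch after each push to it.
datatheorem-sast-scan-branch-job:
  only:
    - main  # Trigger on default branch push, replace 'main' with the name of your default branch
  tags:
    - gitlab-runner-docker  # Needs to be an executor compatible with the `image` feature
  stage: security-scan
  # ':latest' is a mutable tag: the job runs whatever image is current at pull
  # time. For reproducible scans, consider pinning by digest
  # (...@sha256:<digest-from-your-registry>) and updating it deliberately.
  image: us-central1-docker.pkg.dev/prod-scandal-us/datatheorem-sast/datatheorem-sast:latest
  script:
    # Expansions are double-quoted so that a project path or ref name
    # containing whitespace or glob characters is passed through unchanged.
    - export DT_SAST_API_KEY="$DT_SAST_API_KEY"
    - export DT_SAST_REPOSITORY_NAME="$CI_PROJECT_PATH"
    - export DT_SAST_REPOSITORY_PLATFORM="GITLAB_ON_PREM"
    - export DT_SAST_REPOSITORY_ID="$CI_PROJECT_ID"
    - export DT_SAST_REPOSITORY_HTML_URL="$CI_PROJECT_URL"
    - export DT_SAST_REPOSITORY_DEFAULT_BRANCH_NAME="$CI_DEFAULT_BRANCH"
    # Branch pipeline: report the ref that was pushed.
    - export DT_SAST_SCAN_HEAD_REF="$CI_COMMIT_REF_NAME"
    - data_theorem_sast_analyzer scan ./

# Scans merge requests; differs from the branch job only in its trigger and in
# passing the merge request's target branch instead of the head ref.
datatheorem-sast-scan-merge-request-job:
  only:
    - merge_requests
  tags:
    - gitlab-runner-docker  # Needs to be an executor compatible with the `image` feature
  stage: security-scan
  # Same image as the branch job; the digest-pinning note above applies here.
  image: us-central1-docker.pkg.dev/prod-scandal-us/datatheorem-sast/datatheorem-sast:latest
  script:
    - export DT_SAST_API_KEY="$DT_SAST_API_KEY"
    - export DT_SAST_REPOSITORY_NAME="$CI_PROJECT_PATH"
    - export DT_SAST_REPOSITORY_PLATFORM="GITLAB_ON_PREM"
    - export DT_SAST_REPOSITORY_ID="$CI_PROJECT_ID"
    - export DT_SAST_REPOSITORY_HTML_URL="$CI_PROJECT_URL"
    - export DT_SAST_REPOSITORY_DEFAULT_BRANCH_NAME="$CI_DEFAULT_BRANCH"
    # The target branch name is chosen by whoever opens the merge request, so
    # it is quoted like every other value.
    - export DT_SAST_SCAN_TARGET_REF="$CI_MERGE_REQUEST_TARGET_BRANCH_NAME"
    - data_theorem_sast_analyzer scan ./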
Azure DevOps Pipeline Example
Create a new Azure DevOps Pipeline
Add a variable named DT_SAST_API_KEY with the value retrieved in step 1, and make sure the "Keep this value secret" option is checked. (See https://learn.microsoft.com/en-us/azure/devops/pipelines/process/set-secret-variables?view=azure-devops&tabs=yaml%2Cbash )
The Azure Pipeline definition should look like this:
Code Block |
---|
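# Azure DevOps pipeline that runs the Data Theorem SAST analyzer container
# against the checked-out sources on every push to main.
trigger:
  - main

pool:
  vmImage: ubuntu-latest

steps:
  # Pipeline values are read from the agent's environment (BUILD_* variables)
  # rather than through macro syntax. Macros are substituted into the script
  # text before the shell parses it, so a repository or branch name containing
  # shell metacharacters would be interpreted as shell syntax; a quoted
  # environment variable is passed through as data.
  #
  # The API key is handed to docker by name only ('-e DT_SAST_API_KEY'), which
  # copies the value from the step's environment, so the secret does not
  # appear in the script text or on the docker command line.
  #
  # ':latest' is a mutable tag; for reproducible scans, consider pinning the
  # image by digest (...@sha256:<digest-from-your-registry>).
  - script: |
      docker run \
        -e DT_SAST_API_KEY \
        -e DT_SAST_REPOSITORY_NAME="$BUILD_REPOSITORY_NAME" \
        -e DT_SAST_REPOSITORY_PLATFORM=AZURE_DEVOPS \
        -e DT_SAST_REPOSITORY_ID="$BUILD_REPOSITORY_ID" \
        -e DT_SAST_REPOSITORY_HTML_URL="$BUILD_REPOSITORY_URI" \
        -e DT_SAST_REPOSITORY_DEFAULT_BRANCH_NAME="main" \
        -e DT_SAST_SCANNED_BRANCH="$BUILD_SOURCEBRANCHNAME" \
        -e DT_SAST_SCAN_HEAD_REF="HEAD" \
        --mount type=bind,source="$(pwd)"/,target=/target \
        us-central1-docker.pkg.dev/prod-scandal-us/datatheorem-sast/datatheorem-sast:latest \
        data_theorem_sast_analyzer scan /target
    displayName: 'Data Theorem On-Prem SAST'
    env:
      # Secret variables are not exported to scripts automatically; map the
      # secret explicitly so it is available to this step only.
      DT_SAST_API_KEY: $(DT_SAST_API_KEY)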
|
Troubleshooting
SSL Errors
...