.gitlab-ci.yml
# Stage order: the image is built, scanned with Snyk, deployed, and only then
# scanned with ZAP, which needs a running target to probe.
stages:
  - build
  - snyk_scan
  - deploy
  - zap_scan
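# Pipeline-wide variables shared by every job.
variables:
  DOCKER_DRIVER: overlay2
  # SNYK_TOKEN is deliberately not declared here. The previous
  # `SNYK_TOKEN: $SNYK_TOKEN` entry was self-referential: a variable defined in
  # the project's CI/CD settings is already injected into every job and takes
  # precedence over a value set in this file, so the entry added nothing.
  # Presumably the token lives in Settings > CI/CD > Variables; keep it masked
  # there (and protected, if scans only run on protected refs) so it is
  # redacted from job logs.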
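# Builds the application image from ./Dockerfile and pushes it, tagged with the
# ref that triggered the pipeline.
build:
  stage: build
  # NOTE(review): docker:latest and docker:dind are floating tags, so the
  # toolchain that builds the image can change between runs. Pin both to a
  # specific version or digest.
  image: docker:latest
  services:
    - docker:dind
  before_script:
    # The password is piped on stdin so it never appears in argv or the job log.
    # NOTE(review): the login targets $CI_REGISTRY, but the image name below has
    # no registry host and therefore resolves to Docker Hub. Confirm the
    # CI_REGISTRY* variables point at the registry that is actually pushed to.
    - echo "$CI_REGISTRY_PASSWORD" | docker login -u "$CI_REGISTRY_USER" --password-stdin "$CI_REGISTRY"
  script:
    - echo "Building Docker image..."
    - docker version
    # Expansions are quoted so a ref name cannot be word-split or glob-expanded
    # by the shell.
    # NOTE(review): a ref name containing "/" (for example feature/x) is not a
    # valid image tag. $CI_COMMIT_REF_SLUG is the sanitised form, but switching
    # to it has to happen in build, snyk_scan and deploy together.
    - docker build --tag "mohamedfourti/dvwa:$CI_COMMIT_REF_NAME" -f Dockerfile .
    - docker push "mohamedfourti/dvwa:$CI_COMMIT_REF_NAME"
  tags:
    - manager
  artifacts:
    paths:
      # NOTE(review): no command in this job writes to docker-image/; confirm
      # this path is still needed.
      - docker-image/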
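# Scans the image pushed by the build job with Snyk and stores the JSON report
# as a job artifact.
snyk_scan:
  stage: snyk_scan
  image: docker:latest
  services:
    - docker:dind
  script:
    - echo "Running Snyk vulnerability scan..."
    # `-e SNYK_TOKEN` forwards the token from the job environment into the
    # container, where the Snyk CLI reads it directly. This replaces
    # `snyk auth $SNYK_TOKEN`, which put the secret on a command line (visible
    # in process listings, and in the job log if the variable is not masked).
    # NOTE(review): the mounted docker.sock gives this third-party image full
    # control of whichever Docker daemon it resolves to. If that is the
    # manager's own daemon rather than the dind service, treat the scanner
    # image as root-equivalent on that host and pin it by digest.
    - >-
      docker run -d --name snyk-container -e SNYK_TOKEN
      -v /var/run/docker.sock:/var/run/docker.sock
      snyk/snyk:docker sleep infinity
    # NOTE(review): `|| true` means this job passes even when vulnerabilities
    # are found or the scan itself errors (bad token, image missing), so the
    # stage never blocks deploy. Check snyk_report.json for an error payload,
    # or gate on a severity threshold if the scan should be enforcing.
    - docker exec snyk-container snyk test --docker "mohamedfourti/dvwa:$CI_COMMIT_REF_NAME" --json > snyk_report.json || true
  after_script:
    # Runs even when a script step fails, so a leftover container cannot block
    # the next run with a name conflict on a persistent runner.
    - docker rm -f snyk-container || true
  tags:
    - manager
  artifacts:
    paths:
      - snyk_report.json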
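# Pulls the image built for this ref and deploys the stack described in
# compose.yml under the project's name.
# NOTE(review): this job has no rules/only/environment restriction, so every
# ref that runs a pipeline is deployed. Limit it to the intended branch if
# that is not wanted. It also runs regardless of the Snyk findings, because the
# snyk_scan job never fails.
deploy:
  stage: deploy
  image: docker:latest
  services:
    - docker:dind
  before_script:
    # The password is piped on stdin so it never appears in argv or the job log.
    - echo "$CI_REGISTRY_PASSWORD" | docker login -u "$CI_REGISTRY_USER" --password-stdin "$CI_REGISTRY"
  script:
    - echo "Deploying services using docker-compose..."
    # Expansions are quoted so the shell cannot word-split or glob-expand them.
    - docker pull "mohamedfourti/dvwa:$CI_COMMIT_REF_NAME"
    # NOTE(review): the pull above only populates the node running this job.
    # If the stack has worker nodes and the image is private, they need
    # `--with-registry-auth` to pull it. Confirm against the swarm layout.
    - docker stack deploy -c compose.yml "$CI_PROJECT_NAME"
  tags:
    - manager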
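# Runs a ZAP quick scan against the deployed application and stores the HTML
# report as a job artifact.
zap_scan:
  stage: zap_scan
  image: docker:latest
  services:
    - docker:dind
  variables:
    # Scan target, previously hard-coded in the command. The default is the
    # original address; a project or pipeline variable of the same name
    # overrides it without editing this file.
    ZAP_TARGET_URL: "http://192.168.246.136:4280"
  script:
    - echo "Running OWASP ZAP security scan..."
    # The `-p 8090:8090` publish was dropped: nothing in this job connects to
    # ZAP from outside the container, and publishing it exposed ZAP's listener
    # on the runner's network interfaces for the duration of the scan.
    # NOTE(review): the image has no tag, so it floats on latest. Pin it to a
    # version or digest and confirm the repository is still maintained.
    - >-
      docker run --name zap -i softwaresecurityproject/zap-bare
      zap.sh -cmd -port 8090 -quickurl "$ZAP_TARGET_URL"
      -quickout /zap/zap-report.html
    - docker cp zap:/zap/zap-report.html "$CI_PROJECT_DIR/zap-report.html"
  after_script:
    # Runs even when the scan or the copy fails, so a leftover "zap" container
    # cannot block the next run with a name conflict on a persistent runner.
    - docker rm -f zap || true
  tags:
    - manager
  artifacts:
    paths:
      - zap-report.html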