gitea-admin/lti-api
1
0
Fork 0
mirror of https://gitlab.com/mbugroup/lti-api.git synced 2026-05-20 13:31:56 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
d740a3e26e3c6a661e26e3d7a3de7e8491802cef
lti-api/.gitlab-ci.yml
T
kris d740a3e26e Update .gitlab-ci.yml file
2025-11-11 08:36:36 +00:00

73 lines
2.4 KiB
YAML
Raw Blame History

stages:
- scan
cache:
paths:
- .sonar/cache
- .cache
# ============================================================
# 🧠 Step 1: Security Scan dengan gosec (tidak hentikan pipeline)
# ============================================================
gosec_scan:
stage: scan
image: golang:1.24
script:
- go install github.com/securego/gosec/v2/cmd/gosec@latest
- echo "🔍 Menjalankan scan keamanan Go..."
# Jalankan gosec, tapi jangan hentikan pipeline walau ada temuan
- gosec -fmt=json -out=gosec-report.json ./... || true
- echo "📄 Jumlah issue terdeteksi:" && cat gosec-report.json | jq '.Issues | length'
artifacts:
when: always
paths:
- gosec-report.json
expire_in: 1 week
allow_failure: false
only:
- devops-ec2
# ============================================================
# 🧱 Step 2: Analisis SonarQube (gabung hasil gosec)
# ============================================================
sonarqube_analysis:
stage: scan
image: sonarsource/sonar-scanner-cli:latest
script:
- echo "🚀 Menjalankan analisis SonarQube..."
- if [ -f "go.mod" ]; then go test ./... -coverprofile=coverage.out || true; fi
# (Opsional) ubah report JSON gosec jadi format kompatibel SonarQube Generic Issue
- echo "🧩 Mengonversi hasil gosec untuk SonarQube..."
- |
cat > gosec-generic-report.json <<'EOF'
{
"issues": []
}
EOF
- |
jq -r '.Issues[] | {engineId: "gosec", ruleId: .rule_id, primaryLocation: {message: .details, filePath: .file, textRange: {startLine: .line}}, type: "VULNERABILITY", severity: .severity}' gosec-report.json |
jq -s '{issues: .}' > gosec-generic-report.json
# Jalankan analisis SonarQube dan sertakan laporan gosec
- sonar-scanner \
-Dsonar.projectKey="mbu-lti-backend" \
-Dsonar.projectName="MBU LTI Backend" \
-Dsonar.sources="." \
-Dsonar.host.url="https://status.mbugroup.id/sonar" \
-Dsonar.login="sqp_97b3cb2f80ce932fb07b5641aeecc8704b76d1a7" \
-Dsonar.externalIssuesReportPaths="gosec-generic-report.json" \
-Dsonar.go.coverage.reportPaths="coverage.out" \
-Dsonar.sourceEncoding="UTF-8" \
-Dsonar.verbose=true
dependencies:
- gosec_scan
artifacts:
when: always
paths:
- .scannerwork
- gosec-generic-report.json
- coverage.out
expire_in: 1 week
only:
- devops-ec2
Reference in New Issue View Git Blame Copy Permalink