Merge pull request #1749 from advancedtelematic/gitlab/scans

Enable additional security and compliance checks

ci/gitlab/.gitlab-ci.yml

@@ -1,6 +1,7 @@
 stages:
   - docker
   - test
+  - static scans
   - pkg-test
   - oe-checkout
   - oe-test
@@ -28,6 +29,10 @@ variables:
   BITBAKE_CHECKOUT_IMAGE: ${METAUPDATER_REGISTRY_IMAGE}:ci-master-checkout
 
 include:
+  - template: SAST.gitlab-ci.yml
+  - template: Secret-Detection.gitlab-ci.yml
+  - template: Dependency-Scanning.gitlab-ci.yml
+  - template: License-Scanning.gitlab-ci.yml
   - project: 'olp/edge/ota/connect/client/meta-updater'
     ref: 'master'
     file: 'scripts/ci/gitlab/docker.yml'
@@ -71,6 +76,24 @@ Docker Setup:
     - docker build --pull --cache-from "$UBUNTU_XENIAL_MASTER_INSTALLIMAGE" --cache-from "$UBUNTU_XENIAL_PR_INSTALLIMAGE" -f "$CI_PROJECT_DIR/docker/Dockerfile-test-install.ubuntu.xenial" -t "$UBUNTU_XENIAL_PR_INSTALLIMAGE" .
     - docker push "$UBUNTU_XENIAL_PR_INSTALLIMAGE"
 
+# static scans:
+
+bandit-sast:
+  stage: static scans
+
+flawfinder-sast:
+  stage: static scans
+
+license_scanning:
+  stage: static scans
+
+secret_detection:
+  stage: static scans
+
+secrets-sast:
+  stage: static scans
+
+
 coverage:
   variables:
     GIT_CLONE_PATH: $CI_BUILDS_DIR/aktualizr-coverage-$CI_JOB_ID
@@ -206,10 +229,8 @@ xenial-pkg:
 bionic-pkg-test:
   variables:
     TEST_INSTALL_DESTDIR: "$CI_PROJECT_DIR/build-bionic/pkg"
-
+  needs: ["bionic-pkg"]
   image: "$UBUNTU_BIONIC_PR_INSTALLIMAGE"
-  dependencies:
-    - bionic-pkg
   stage: pkg-test
   except:
     - /^20\d\d\.\d\d?-docs$/
@@ -221,10 +242,8 @@ bionic-pkg-test:
 xenial-pkg-test:
   variables:
     TEST_INSTALL_DESTDIR: "$CI_PROJECT_DIR/build-xenial/pkg"
-
+  needs: ["xenial-pkg"]
   image: "$UBUNTU_XENIAL_PR_INSTALLIMAGE"
-  dependencies:
-    - xenial-pkg
   stage: pkg-test
   except:
     - /^20\d\d\.\d\d?-docs$/