===================Prerequisite installation and configuration==========================
1. Enable the SAST feature in GitLab
2. Configure gitlab-runner
Install gitlab-runner separately and register it as a shared runner so that multiple projects can use it. The docker executor chosen below drives the host Docker daemon, which is why /var/run/docker.sock is bind-mounted into the runner container; that mount gives the runner root-equivalent control of the host, so put it on a machine dedicated to CI and treat /srv/gitlab-runner/config as secret (it will hold config.toml with the runner's authentication token). In production, pin a runner version rather than using :latest.
docker run -d --name gitlab-runner --restart always \
  -v /srv/gitlab-runner/config:/etc/gitlab-runner \
  -v /var/run/docker.sock:/var/run/docker.sock \
  gitlab/gitlab-runner:latest
3. Enter the gitlab-runner container
docker exec -it gitlab-runner bash
Register the runner. The prompts ask for:
- the GitLab instance URL
- the registration token (a secret; the value in the transcript below is redacted)
- a description for the runner
- the runner's tags (the project pipeline later selects the runner by this tag)
- the executor (docker) and the default image for jobs
root@af53e06a6c7a:/# gitlab-runner register
Runtime platform arch=amd64 os=linux pid=20 revision=b37d3da9 version=14.3.0
Running in system-mode.
Enter the GitLab instance URL (for example, https://gitlab.com/):
https://git.xxxxx.com/
Enter the registration token:
GWskbzm_xxxxxxxxx-Uxy
Enter a description for the runner:
[af53e06a6c7a]: security runner
Enter tags for the runner (comma-separated):
security
Registering runner... succeeded runner=GWskbzm_
Enter an executor: docker, ssh, virtualbox, docker+machine, kubernetes, custom, docker-ssh, parallels, shell, docker-ssh+machine:
docker
Enter the default Docker image (for example, ruby:2.6):
alpine:latest
Runner registered successfully. Feel free to start it, but if it's running already the config should be automatically reloaded!
Restart the container. (As the last line of the output says, a runner that is already running reloads config.toml on its own.)
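The registration above leaves the runner's settings in /srv/gitlab-runner/config/config.toml. The following script is an added example, not part of this note or of GitLab: it audits that file for the settings that matter once the Docker socket is mounted into the runner, namely that jobs run with the docker executor but unprivileged, that the socket is not passed on to job containers, and that the runner talks to GitLab over HTTPS. The function audit_runner_config and the two constructed sample configs (token redacted) are hypothetical; the script assumes a single [[runners]] entry in the key = value layout gitlab-runner 14.x writes.

```shell
#!/usr/bin/env bash
# Added example (not from the page or from GitLab): audit the config.toml
# that `gitlab-runner register` writes into /srv/gitlab-runner/config/,
# the host directory bind-mounted into the runner container above.
# Assumptions: one [[runners]] entry; the key = value layout that
# gitlab-runner 14.x emits under [runners.docker].

# audit_runner_config FILE
# Prints one "FINDING:" line per problem; returns 0 when clean, 1 otherwise.
audit_runner_config() {
  local file="$1" findings=0

  # The SAST template runs analyzers as containers, so the executor must be docker.
  if ! grep -qE '^[[:space:]]*executor[[:space:]]*=[[:space:]]*"docker"' "$file"; then
    echo "FINDING: executor is not \"docker\""
    findings=$((findings + 1))
  fi

  # The runner presents its authentication token on every poll; that must go over TLS.
  if ! grep -qE '^[[:space:]]*url[[:space:]]*=[[:space:]]*"https://' "$file"; then
    echo "FINDING: GitLab url is not https"
    findings=$((findings + 1))
  fi

  # privileged = true lets any job container take over the host; SAST does not need it.
  if grep -qE '^[[:space:]]*privileged[[:space:]]*=[[:space:]]*true' "$file"; then
    echo "FINDING: [runners.docker] privileged = true"
    findings=$((findings + 1))
  fi

  # The docker socket belongs to the runner process only. Listing it under
  # volumes would hand every job (every developer who can push) the host.
  if grep -E '^[[:space:]]*volumes[[:space:]]*=' "$file" | grep -q 'docker\.sock'; then
    echo "FINDING: docker.sock is mounted into job containers"
    findings=$((findings + 1))
  fi

  [ "$findings" -eq 0 ]
}

# Constructed sample: what the registration above produces (token redacted).
write_ok_config() {
  cat > "$1" <<'EOF'
concurrent = 1
check_interval = 0

[[runners]]
  name = "security runner"
  url = "https://git.xxxxx.com/"
  token = "REDACTED"
  executor = "docker"
  [runners.docker]
    tls_verify = false
    image = "alpine:latest"
    privileged = false
    volumes = ["/cache"]
    shell = "bash"
EOF
}

# Constructed sample: the same runner after someone hand-edited it to make a
# docker-in-docker job work; the audit should report two findings.
write_weak_config() {
  cat > "$1" <<'EOF'
[[runners]]
  name = "security runner"
  url = "https://git.xxxxx.com/"
  token = "REDACTED"
  executor = "docker"
  [runners.docker]
    image = "alpine:latest"
    privileged = true
    volumes = ["/var/run/docker.sock:/var/run/docker.sock", "/cache"]
EOF
}

if [ "$#" -gt 0 ]; then
  # Audit a real file, e.g. /srv/gitlab-runner/config/config.toml
  audit_runner_config "$1"
else
  # No argument: demonstrate on the constructed samples.
  tmp=$(mktemp -d)
  write_ok_config "$tmp/ok.toml"
  write_weak_config "$tmp/weak.toml"
  echo "== hardened sample =="; audit_runner_config "$tmp/ok.toml" && echo "clean"
  echo "== weak sample ==";     audit_runner_config "$tmp/weak.toml" || echo "not clean"
  rm -rf "$tmp"
fi
```

Run it with the path to the live config.toml after registration and again after every manual edit of the file; the checks are deliberately line-based greps so the script works inside the stock gitlab-runner image, which has no TOML parser.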
===================Project-level configuration==========================
1. Create a .gitlab-ci.yml file in the project's code
stages:
  - test

sast:
  stage: test
  tags:
    - security

include:
  - template: Security/SAST.gitlab-ci.yml

variables:
  SAST_EXPERIMENTAL_FEATURES: 'true'
tags selects the runner: the analyzer jobs are only picked up by a runner carrying the security tag registered above. The sast job defined in the template is a configuration-only job that never runs by itself; every SAST analyzer job extends it, so anything set under sast here, such as tags, applies to all of the analyzer jobs.
template pulls in GitLab's SAST job definitions (Security/SAST.gitlab-ci.yml).
SAST_EXPERIMENTAL_FEATURES: 'true' turns on analyzer features that GitLab marks as experimental.
2. After code is pushed and merged, the Pipelines and Jobs pages in GitLab show the results. The findings are also attached to the job as the gl-sast-report.json artifact, which is where to read them on tiers without the Security Dashboard.
# Every push to a branch runs a code analysis.
# Merging a branch also runs a code analysis.