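# Use this template to audit a Python project for security vulnerabilities with JFrog Xray.
# The `jf audit` command works as follows:
#
# 1. It creates a dependency tree for the project, including the direct and indirect (transitive) dependencies
# 2. Scans the dependency tree with JFrog Xray
# 3. Displays the vulnerabilities found
#
# To create the dependency tree, the command expects the dependencies to be present on the local agent.
#
# Requirements:
# Configure the 'ARTIFACTORY_REMOTE_REPO' CI/CD variable with the PyPI repository in JFrog Artifactory
# from which the dependencies can be resolved.
#
# Supply-chain note: both the `image` tag below and the remote `include` are mutable references that
# are resolved every time the pipeline runs; pin them (image digest / versioned include path) if the
# project requires reproducible pipelines.
default:
  image: python:bullseye

include:
  # Shared JFrog CLI setup/cleanup jobs (`.setup_jfrog`, `.cleanup_jfrog`) referenced via !reference below.
  - remote: "https://releases.jfrog.io/artifactory/jfrog-cli/gitlab/v2/.setup-jfrog-unix.yml"
  # For Windows agents:
  # - remote: "https://releases.jfrog.io/artifactory/jfrog-cli/gitlab/v2/.setup-jfrog-windows.yml"

jfrog-pip-audit:
  script:
    # Install and configure the JFrog CLI (provided by the remote include)
    - !reference [.setup_jfrog, script]
    # Configure the Artifactory repository used for dependency resolution
    - jf pip-config --repo-resolve $ARTIFACTORY_REMOTE_REPO
    # Ensure the project dependencies are present locally so the dependency tree can be built
    - jf pip install .
    # Audit Python project
    # NOTE(review): confirm whether `jf audit` fails the job when findings are reported;
    # otherwise this step is report-only and does not gate the pipeline.
    - jf audit
  after_script:
    # Cleanup
    - !reference [.cleanup_jfrog, script]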