.gitlab-ci.yml

stages:
  - build
  - security_scan
  - reporting
  - deploy

build:
  stage: build
  image: docker:latest
  services:
    - docker:dind
  script:
    - docker login -u $CI_REGISTRY_USER -p $CI_REGISTRY_PASSWORD $CI_REGISTRY
    - docker build --pull -t $CI_REGISTRY_IMAGE:latest .
    - docker push $CI_REGISTRY_IMAGE:latest

dast_scan:
  stage: security_scan
  needs: [build]
  image: registry.gitlab.com/gitlab-org/security-products/zaproxy:latest
  allow_failure: true
  artifacts:
    when: always
    expire_in: "10 days"
    paths:
      - "security_scan/testreport.html"
  script:
    - mkdir security_scan
    - /analyze -t https://owasp-juice-shop-demo-0d931ec9d675.herokuapp.com/ -r $(pwd)/security_scan/testreport.html

owasp_dependency_check:
  stage: security_scan
  needs: [build]
  image: nbaars/owasp-dependency-check-as-one:latest
  allow_failure: true
  artifacts:
    when: always
    paths:
      - "owasp_dependency_check/dependency-check-report.html"
      - "owasp_dependency_check/dependency-check-report.xml"
    expire_in: "10 days"
  script:
    - mkdir owasp_dependency_check
    - dependency-check --data /data --noupdate -s . -o ./owasp_dependency_check -f HTML -f XML --failOnCVSS 8

owasp_zap_scan:
  stage: security_scan
  needs: [build]
  image: owasp/zap2docker-stable:2.12.0
  allow_failure: true
  artifacts:
    when: always
    expire_in: "30 days"
    paths:
      - "owasp_zap_scan/testreport.xml"
  script:
    - mkdir -p /zap/wrk owasp_zap_scan
    - /zap/zap-baseline.py -t https://owasp-juice-shop-demo-0d931ec9d675.herokuapp.com/ -g gen.conf -x $(pwd)/owasp_zap_scan/testreport.xml

deploy_report_to_orchestron:
  stage: reporting
  needs: [owasp_zap_scan]
  script:
    - echo "Sending to orchstron"

deploy_to_heroku:
  stage: deploy
  needs: [owasp_dependency_check]
  script:
    - echo "Deploying to Heroku"