Skip to content

Commit d59165f

Browse files
konradmichalikkonradmichalik
committed
feat: add scheduled security checks for Composer and NPM
1 parent 32a3f03 commit d59165f

File tree

3 files changed

+61
-0
lines changed

3 files changed

+61
-0
lines changed

README.md

Lines changed: 11 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -111,6 +111,17 @@ Includes:
111111
- `cache/cache-feature-warmup.yaml`
112112
- `cache/cache-prod-warmup.yaml`
113113

114+
### Security
115+
116+
Run security checks using `audit` tools.
117+
118+
Includes:
119+
- `security/security-composer-check-scheduled.yaml`
120+
- `security/security-npm-check-scheduled.yaml`
121+
122+
> [!NOTE]
123+
> Needs to be scheduled in GitLab-CI.
124+
114125
## ⭐ License
115126

116127
This project is licensed under [GNU General Public License 3.0 (or later)](LICENSE).

security/security-composer-check-scheduled.yaml

Lines changed: 25 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,25 @@
1+
# Purpose:
2+
# Analyze job for scanning for security vulnerabilities running within a gitlab schedule
3+
#
4+
# Dependency:
5+
# Deployer task "security:check:composer"
6+
#
7+
security:composer:check:scheduled:
8+
stage: analyse
9+
extends:
10+
- .base-schedule
11+
dependencies: [ ]
12+
cache:
13+
key: security-$CI_JOB_NAME-$CI_COMMIT_REF_NAME
14+
paths:
15+
- vendor/xima/xima-deployer-tools/deployer/security/
16+
variables:
17+
GIT_STRATEGY: fetch
18+
script:
19+
- !reference [.check-deployment-dependencies, script]
20+
- vendor/bin/dep security:check:composer local --notify $DEPLOYER_CONFIG_ADDITIONAL_OPTION
21+
rules:
22+
- if: $CI_JOB_NAME == $SCHEDULE_TASK_NAME
23+
when: always
24+
- when: never
25+
resource_group: $CI_COMMIT_REF_NAME

security/security-npm-check-scheduled.yaml

Lines changed: 25 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,25 @@
1+
# Purpose:
2+
# Analyze job for scanning for security vulnerabilities running within a gitlab schedule
3+
#
4+
# Dependency:
5+
# Deployer task "security:check:npm"
6+
#
7+
security:npm:check:scheduled:
8+
stage: analyse
9+
extends:
10+
- .base-schedule
11+
dependencies: [ ]
12+
cache:
13+
key: security-$CI_JOB_NAME-$CI_COMMIT_REF_NAME
14+
paths:
15+
- vendor/xima/xima-deployer-tools/deployer/security/
16+
variables:
17+
GIT_STRATEGY: fetch
18+
script:
19+
- !reference [.check-deployment-dependencies, script]
20+
- vendor/bin/dep security:check:npm local --notify $DEPLOYER_CONFIG_ADDITIONAL_OPTION
21+
rules:
22+
- if: $CI_JOB_NAME == $SCHEDULE_TASK_NAME
23+
when: always
24+
- when: never
25+
resource_group: $CI_COMMIT_REF_NAME

0 commit comments

Comments
 (0)