diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index 8321aed..697570f 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -34,6 +34,28 @@ snyk:
 - docker
 - notpriv
+sast:
+ stage: security
+ image: docker:stable
+ variables:
+ DOCKER_DRIVER: overlay2
+ allow_failure: true
+ services:
+ - docker:stable-dind
+ script:
+ - export SP_VERSION=$(echo "$CI_SERVER_VERSION" | sed 's/^\([0-9]*\)\.\([0-9]*\).*/\1-\2-stable/')
+ - docker run
+ --env SAST_CONFIDENCE_LEVEL="${SAST_CONFIDENCE_LEVEL:-3}"
+ --volume "$PWD:/code"
+ --volume /var/run/docker.sock:/var/run/docker.sock
+ "registry.gitlab.com/gitlab-org/security-products/sast:$SP_VERSION" /app/bin/run /code
+ artifacts:
+ reports:
+ sast: gl-sast-report.json
+ tags:
+ - docker
+ - priv
+
 # ====================
 # test stage
 # ====================
diff --git a/package.json b/package.json
index 88e6d0d..4e2ee2f 100644
--- a/package.json
+++ b/package.json
@@ -55,4 +55,4 @@
 "smartsocket": "^1.1.19",
 "through2": "^3.0.0"
 }
-}
+}
\ No newline at end of file
diff --git a/ts/mod_git/index.ts b/ts/mod_git/index.ts
index 3dc79a7..b606960 100644
--- a/ts/mod_git/index.ts
+++ b/ts/mod_git/index.ts
@@ -28,11 +28,14 @@ export let mirror = async () => {
 const githubToken = process.env.NPMCI_GIT_GITHUBTOKEN;
 const githubUser = process.env.NPMCI_GIT_GITHUBGROUP || repo.user;
 const githubRepo = process.env.NPMCI_GIT_GITHUB || repo.repo;
- if(
+ if (
 configObject.projectInfo.npm.packageJson.private === true ||
 configObject.npmAccessLevel === 'private'
 ) {
- logger.log('warn', `refusing to mirror due to private property use a private mirror location instead`);
+ logger.log(
+ 'warn',
+ `refusing to mirror due to private property use a private mirror location instead`
+ );
 return;
 }
 if (githubToken) {
diff --git a/ts/mod_npm/index.ts b/ts/mod_npm/index.ts
index 9812d60..58ba364 100644
--- a/ts/mod_npm/index.ts
+++ b/ts/mod_npm/index.ts
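Review bot: In the `.gitlab-ci.yml` hunk, the new `sast` job passes `/var/run/docker.sock` into an analyzer image that is resolved from a mutable tag (`sast:$SP_VERSION`), and the job is tagged `priv` (presumably a privileged runner), so whatever that tag points to at run time gets control of the Docker daemon the job uses. Pinning the image by digest, e.g. `"registry.gitlab.com/gitlab-org/security-products/sast@sha256:<DIGEST_PLACEHOLDER>"`, would make the scanner reproducible and reviewable. Separately, `allow_failure: true` means a failed pull or an unexpected `SP_VERSION` from the `sed` expression leaves the pipeline green with no `gl-sast-report.json`. A comment on that line such as `# advisory only: a missing report means the scan did not run, check the job log` would make that trade-off explicit.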
@@ -42,7 +42,9 @@ const prepare = async () => {
 await plugins.smartparam.forEachMinimatch(process.env, 'NPMCI_TOKEN_NPM*', npmEnvArg => {
 const npmRegistryUrl = npmEnvArg.split('|')[0];
 const npmToken = npmEnvArg.split('|')[1];
- npmrcFileString += `//${npmRegistryUrl}/:_authToken="${plugins.smartstring.base64.decode(npmToken)}"\n`;
+ npmrcFileString += `//${npmRegistryUrl}/:_authToken="${plugins.smartstring.base64.decode(
+ npmToken
+ )}"\n`;
 });
 logger.log('info', `setting default npm registry to ${config.npmRegistryUrl}`);
 npmrcFileString += `registry=https://${config.npmRegistryUrl}\n`;
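Review bot: The re-wrapped `_authToken` line in the `forEachMinimatch` callback of `ts/mod_npm/index.ts` still appends the registry and decoded token to the npmrc string without validating either part. If the value passed as `npmEnvArg` has no `|`, `npmToken` is `undefined`, and a decoded token containing `"` or a line break would put extra lines into the generated npmrc. A guard before the append, such as `if (!npmRegistryUrl || !npmToken) { throw new Error('NPMCI_TOKEN_NPM* must be "registry|base64token"'); }`, together with rejecting decoded values that match `/["\r\n]/`, would fail closed; the error text should name the variable pattern only and never echo the value. `prepare` starts and ends outside this hunk, so how `npmrcFileString` is written out is not visible here.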