-
Notifications
You must be signed in to change notification settings - Fork 8
/
.gitlab-ci.yml
33 lines (27 loc) · 1.19 KB
/
.gitlab-ci.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
# Use this template to audit a Maven project for security vulnerabilities with JFrog Xray.
# The `jf audit` command works as follows:
#
# 1. It creates a dependency tree for the project, including the direct and indirect (transitives) dependencies
# 2. Scans the dependency tree with JFrog Xray
# 3. Displays the vulnerabilities found
#
# Requirements:
# Configure 'ARTIFACTORY_VIRTUAL_RELEASE_REPO' and `$ARTIFACTORY_VIRTUAL_SNAPSHOT_REPO` variables
# with the releases and snapshots Maven repositories in JFrog Artifactory
# from which the dependencies can be resolved.
default:
image: maven:3.8.6-openjdk-11-slim
include:
- remote: "https://releases.jfrog.io/artifactory/jfrog-cli/gitlab/v2/.setup-jfrog-unix.yml"
# For Windows agents:
#- remote: "https://releases.jfrog.io/artifactory/jfrog-cli/gitlab/v2/.setup-jfrog-windows.yml"
jfrog-maven-audit:
script:
- !reference [.setup_jfrog, script]
# Configure JFrog Artifactory repositories
- jf mvn-config --repo-resolve-releases $ARTIFACTORY_VIRTUAL_RELEASE_REPO --repo-resolve-snapshots $ARTIFACTORY_VIRTUAL_SNAPSHOT_REPO
# Audit Maven project
- jf audit
after_script:
# Cleanup
- !reference [.cleanup_jfrog, script]