# DEPRECATED # # Include this file in your .gitlab-ci.yml file to automate & integrate Checkmarx KICS' security scans. # # include documentation https://docs.gitlab.com/ee/ci/yaml/includes.html # # defined as in https://docs.gitlab.com/ee/development/cicd/templates.html#versioning # # These variables can be overridden in your .gitlab-ci.yml file or as envionrment variables. # image: alpine variables: KICS_BLOCK_ON_HIGH: "true" before_script: - apk add --no-cache libc6-compat - DATETIME="`date '+%H:%M'`" - echo "${DATETIME} - INF version is $VERSION" - VERSION=1.2.4 - echo "${DATETIME} - INF downloading latest kics binaries kics_${VERSION}_linux_x64.tar.gz" - wget -q -c "https://github.com/Checkmarx/kics/releases/download/v${VERSION}/kics_${VERSION}_linux_x64.tar.gz" -O - | tar -xz --directory /usr/bin &>/dev/null stages: - kics - kics-result kics-scan: stage: kics script: - kics scan -q /usr/bin/assets/queries -p ${PWD} -o ${PWD}/kics-results.json artifacts: name: kics-results.json paths: - kics-results.json # # before v1.3.0 breaking the pipeline on results required parsing the results json file # kics-results: stage: kics-result before_script: - export TOTAL_SEVERITY_COUNTER=`grep '"total_counter"':' ' kics-results.json | awk {'print $2'}` - export SEVERITY_COUNTER_HIGH=`grep '"HIGH"':' ' kics-results.json | awk {'print $2'} | sed 's/.$//'` - export SEVERITY_COUNTER_MEDIUM=`grep '"INFO"':' ' kics-results.json | awk {'print $2'} | sed 's/.$//'` - export SEVERITY_COUNTER_LOW=`grep '"LOW"':' ' kics-results.json | awk {'print $2'} | sed 's/.$//'` - export SEVERITY_COUNTER_INFO=`grep '"MEDIUM"':' ' kics-results.json | awk {'print $2'} | sed 's/.$//'` script: - | echo "TOTAL SEVERITY COUNTER: $TOTAL_SEVERITY_COUNTER SEVERITY COUNTER HIGH: $SEVERITY_COUNTER_HIGH SEVERITY COUNTER MEDIUM: $SEVERITY_COUNTER_MEDIUM SEVERITY COUNTER LOW: $SEVERITY_COUNTER_LOW SEVERITY COUNTER INFO: $SEVERITY_COUNTER_INFO" - if [ "$KICS_BLOCK_ON_HIGH" -ge "1" ] && [ "$SEVERITY_COUNTER_HIGH" -ge "1" ];then echo "Please fix all $SEVERITY_COUNTER_HIGH HIGH SEVERITY ISSUES" && exit 1;fi