diff --git a/templates/gitlab-ci-gitleaks.yml b/templates/gitlab-ci-gitleaks.yml
index add9eebda7e79d7da77a7977a1df9c33ba32ec94..a3c20ca0a2181750e0864d1d3a398d5ff1ab269b 100644
--- a/templates/gitlab-ci-gitleaks.yml
+++ b/templates/gitlab-ci-gitleaks.yml
@@ -1,16 +1,16 @@
 # =========================================================================================
 # Copyright (C) 2021 Orange & contributors
 #
-# This program is free software; you can redistribute it and/or modify it under the terms
-# of the GNU Lesser General Public License as published by the Free Software Foundation;
+# This program is free software; you can redistribute it and/or modify it under the terms
+# of the GNU Lesser General Public License as published by the Free Software Foundation;
 # either version 3 of the License, or (at your option) any later version.
 #
 # This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY;
 # without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
 # See the GNU Lesser General Public License for more details.
 #
-# You should have received a copy of the GNU Lesser General Public License along with this
-# program; if not, write to the Free Software Foundation, Inc., 51 Franklin Street, Fifth
+# You should have received a copy of the GNU Lesser General Public License along with this
+# program; if not, write to the Free Software Foundation, Inc., 51 Franklin Street, Fifth
 # Floor, Boston, MA 02110-1301, USA.
 # =========================================================================================
 variables:
@@ -18,7 +18,7 @@ variables:
 GITLEAKS_IMAGE: "zricethezav/gitleaks:latest"
 GITLEAKS_ARGS: "--verbose"
 GITLEAKS_QUICK_DEPTH: "10"
-
+ GITLEAKS_QUICK_ARGS: "--verbose"
 # default production ref name (pattern)
 PROD_REF: '/^(master|main)$/'
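Review bot: `GITLEAKS_QUICK_ARGS` is introduced with no comment saying which job reads it, and nothing in this hunk consumes it; presumably a quick, `GITLEAKS_QUICK_DEPTH`-bounded scan defined outside the hunk does, so the pairing is invisible to a reader of the variables block. A one-line comment above it would fix that, e.g. `# extra gitleaks arguments for the quick (depth-limited) scan; the full scan job uses GITLEAKS_ARGS`. Not part of this change but on the hunk's first context line, `GITLEAKS_IMAGE` defaults to the unpinned `:latest` tag, so every pipeline pulls whatever upstream last published; pinning a version tag or digest would make the secret scan reproducible and auditable.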
@@ -93,8 +93,8 @@ stages:
 _test_op=$(echo "$_fields" | cut -d: -f5)
 case "$_test_op" in
 defined)
- if [[ -z "$_not" ]] && [[ -z "$_cond_val" ]]; then continue;
- elif [[ "$_not" ]] && [[ "$_cond_val" ]]; then continue;
+ if [[ -z "$_not" ]] && [[ -z "$_cond_val" ]]; then continue;
+ elif [[ "$_not" ]] && [[ "$_cond_val" ]]; then continue;
 fi
 ;;
 equals|startswith|endswith|contains|in|equals_ic|startswith_ic|endswith_ic|contains_ic|in_ic)
@@ -113,28 +113,28 @@ stages:
 fi
 case "$_test_op" in
 equals*)
- if [[ -z "$_not" ]] && [[ "$_cond_val" != "$_cmp_val" ]]; then continue;
- elif [[ "$_not" ]] && [[ "$_cond_val" == "$_cmp_val" ]]; then continue;
+ if [[ -z "$_not" ]] && [[ "$_cond_val" != "$_cmp_val" ]]; then continue;
+ elif [[ "$_not" ]] && [[ "$_cond_val" == "$_cmp_val" ]]; then continue;
 fi
 ;;
 startswith*)
- if [[ -z "$_not" ]] && [[ "$_cond_val" != "$_cmp_val"* ]]; then continue;
- elif [[ "$_not" ]] && [[ "$_cond_val" == "$_cmp_val"* ]]; then continue;
+ if [[ -z "$_not" ]] && [[ "$_cond_val" != "$_cmp_val"* ]]; then continue;
+ elif [[ "$_not" ]] && [[ "$_cond_val" == "$_cmp_val"* ]]; then continue;
 fi
 ;;
 endswith*)
- if [[ -z "$_not" ]] && [[ "$_cond_val" != *"$_cmp_val" ]]; then continue;
- elif [[ "$_not" ]] && [[ "$_cond_val" == *"$_cmp_val" ]]; then continue;
+ if [[ -z "$_not" ]] && [[ "$_cond_val" != *"$_cmp_val" ]]; then continue;
+ elif [[ "$_not" ]] && [[ "$_cond_val" == *"$_cmp_val" ]]; then continue;
 fi
 ;;
 contains*)
- if [[ -z "$_not" ]] && [[ "$_cond_val" != *"$_cmp_val"* ]]; then continue;
- elif [[ "$_not" ]] && [[ "$_cond_val" == *"$_cmp_val"* ]]; then continue;
+ if [[ -z "$_not" ]] && [[ "$_cond_val" != *"$_cmp_val"* ]]; then continue;
+ elif [[ "$_not" ]] && [[ "$_cond_val" == *"$_cmp_val"* ]]; then continue;
 fi
 ;;
 in*)
- if [[ -z "$_not" ]] && [[ "__${_cmp_val}__" != *"__${_cond_val}__"* ]]; then continue;
- elif [[ "$_not" ]] && [[ "__${_cmp_val}__" == *"__${_cond_val}__"* ]]; then continue;
+ if [[ -z "$_not" ]] && [[ "__${_cmp_val}__" != *"__${_cond_val}__"* ]]; then continue;
+ elif [[ "$_not" ]] && [[ "__${_cmp_val}__" == *"__${_cond_val}__"* ]]; then continue;
 fi
 ;;
 esac
@@ -209,6 +209,7 @@ gitleaks:
 - install_ca_certs "${CUSTOM_CA_CERTS:-$DEFAULT_CA_CERTS}"
 - mkdir -p ./gitleaks
 - install_gitleaks_rules
+ - git config --global --add safe.directory "${CI_PROJECT_DIR}"
 script:
 - gitleaks detect ${TRACE+--log-level debug} --source . $gitleaks_rule_opts --report-path ./gitleaks/gitleaks-report.json $GITLEAKS_ARGS
 artifacts:
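Review bot: The added `git config --global --add safe.directory "${CI_PROJECT_DIR}"` carries no comment explaining why it is there, so a later maintainer cannot tell whether it is a workaround or a trust decision that must be kept narrow. Presumably it is needed because git 2.35.2+ (the CVE-2022-24765 hardening) refuses to open a repository owned by a uid other than the invoking user, and the runner's checkout is not owned by the image user, which would break the `gitleaks detect --source .` history walk on the following line; please say so, e.g. `# git >= 2.35.2 refuses repos owned by another uid (CVE-2022-24765); the runner's checkout is, so trust exactly this path for the history scan`. Scoping the entry to `${CI_PROJECT_DIR}` instead of `'*'` is the right call and is worth stating explicitly, since git matches safe.directory by path and the entry must follow if `--source` is ever pointed somewhere else. The `gitleaks` job definition starts before this hunk, so I cannot see whether an earlier step already clones elsewhere.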