diff --git a/README.md b/README.md index 73635b628c9ade5db7f1b0980cbf3d1f2370f180..182a245b4a7d7a379338496fba17ff94d6bbb809 100644 --- a/README.md +++ b/README.md @@ -108,6 +108,8 @@ It is bound to the `test` stage, and uses the following variables: | Name | description | default value | | --------------------- | -------------------------------------- | ----------------- | | `MAVEN_DEPENDENCY_CHECK_ARGS` | Maven arguments for Dependency Check job | `org.owasp:dependency-check-maven:check -DretireJsAnalyzerEnabled=false -DassemblyAnalyzerEnabled=false` | +| `MAVEN_DEPENDENCY_CHECK_DISABLED` | Set to `true` to disable this job | _none_ | + A Dependency Check is a quite long operation and therefore the job is configured to be ran __manually__ by default. diff --git a/templates/gitlab-ci-maven.yml b/templates/gitlab-ci-maven.yml index aca1f4b1d080ee36829243f3b5ba9bd6270712bd..db8fa13b461ca3be47efbf04a415ef2eac101449 100644 --- a/templates/gitlab-ci-maven.yml +++ b/templates/gitlab-ci-maven.yml @@ -459,6 +459,9 @@ mvn-dependency-check: paths: - "${MAVEN_PROJECT_DIR}/**/target/dependency-check-report.*" rules: + # exclude if disable + - if: '$MAVEN_DEPENDENCY_CHECK_DISABLED == "true"' + when: never # on schedule: auto - if: '$CI_PIPELINE_SOURCE == "schedule"' allow_failure: true