Commit 9ccbadb6 authored by Pierre Smeyers

Merge branch '44-limit-security-reports-access-to-developer-role-and-above' into 'master'

Resolve "Limit security reports access to developer role and above"

Closes #44

See merge request to-be-continuous/node!77
parents 6922f93a 3d4335fd
...@@ -343,7 +343,7 @@ It is bound to the `test` stage. ...@@ -343,7 +343,7 @@ It is bound to the `test` stage.
| `audit-disabled` / `NODE_AUDIT_DISABLED` | Set to `true` to disable npm audit | _none_ (enabled) | | `audit-disabled` / `NODE_AUDIT_DISABLED` | Set to `true` to disable npm audit | _none_ (enabled) |
| `audit-args` / `NODE_AUDIT_ARGS` | npm [audit](https://docs.npmjs.com/cli/v8/commands/npm-audit) arguments <br/> yarn [audit](https://classic.yarnpkg.com/en/docs/cli/audit) arguments <br/> pnpm [audit](https://pnpm.io/cli/audit) arguments | `--audit-level=low` | | `audit-args` / `NODE_AUDIT_ARGS` | npm [audit](https://docs.npmjs.com/cli/v8/commands/npm-audit) arguments <br/> yarn [audit](https://classic.yarnpkg.com/en/docs/cli/audit) arguments <br/> pnpm [audit](https://pnpm.io/cli/audit) arguments | `--audit-level=low` |
In addition to a textual report in the console, this job produces the following report, kept for one day: In addition to a textual report in the console, this job produces the following report, kept for one day and only available for download by users with the Developer role or higher:
| Report | Format | Usage | | Report | Format | Usage |
| ------------------------------------------------- | ------------------------------------------------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | ------------------------------------------------- | ------------------------------------------------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
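Review bot: The new README sentence restricts only the downloadable report, but the same sentence says the job also prints a textual report in the console, and nothing here says who can read that job log. If the aim of #44 is to keep audit findings away from users below the Developer role, state explicitly that the restriction covers the artifact only, or document how job log visibility should be set alongside it.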
...@@ -360,7 +360,7 @@ It is bound to the `test` stage. ...@@ -360,7 +360,7 @@ It is bound to the `test` stage.
| `outdated-disabled` / `NODE_OUTDATED_DISABLED` | Set to `true` to disable npm outdated | _none_ (enabled) | | `outdated-disabled` / `NODE_OUTDATED_DISABLED` | Set to `true` to disable npm outdated | _none_ (enabled) |
| `outdated-args` / `NODE_OUTDATED_ARGS` | npm [outdated](https://docs.npmjs.com/cli/v8/commands/npm-outdated) arguments <br/> yarn [outdated](https://classic.yarnpkg.com/lang/en/docs/cli/outdated/) arguments <br/> pnpm [outdated](https://pnpm.io/cli/outdated) arguments | `--long` | | `outdated-args` / `NODE_OUTDATED_ARGS` | npm [outdated](https://docs.npmjs.com/cli/v8/commands/npm-outdated) arguments <br/> yarn [outdated](https://classic.yarnpkg.com/lang/en/docs/cli/outdated/) arguments <br/> pnpm [outdated](https://pnpm.io/cli/outdated) arguments | `--long` |
The job generates an outdated report that you will find here: `NODE_PROJECT_DIR/reports/npm-outdated-report.json`. The job generates an outdated report that you will find here: `NODE_PROJECT_DIR/reports/npm-outdated-report.json`. This report is only available for download by users with the Developer role or higher
### `node-semgrep` job ### `node-semgrep` job
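Review bot: The sentence added at the end of the `node-outdated` paragraph is missing its final period and is worded differently from the two other occurrences ("kept for ... and only available for download by ..."). Suggest ending it with a period and mentioning the retention as well (`expire_in: 1 day` in the template), so the three jobs are documented the same way.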
...@@ -384,7 +384,7 @@ It is bound to the `test` stage, and uses the following variables: ...@@ -384,7 +384,7 @@ It is bound to the `test` stage, and uses the following variables:
> - the `--metrics` option is set to `off`, > - the `--metrics` option is set to `off`,
> - the `--disable-version-check` option is set. > - the `--disable-version-check` option is set.
In addition to a textual report in the console, this job produces the following reports, kept for one week: In addition to a textual report in the console, this job produces the following reports, kept for one week and only available for download by users with the Developer role or higher:
| Report | Format | Usage | | Report | Format | Usage |
| ---------------------------------------------------- | -------------------------------------------------------------------------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | ---------------------------------------------------- | -------------------------------------------------------------------------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
......
...@@ -731,6 +731,7 @@ node-audit: ...@@ -731,6 +731,7 @@ node-audit:
paths: paths:
- $NODE_PROJECT_DIR/reports/npm-audit.* - $NODE_PROJECT_DIR/reports/npm-audit.*
expire_in: 1 day expire_in: 1 day
access: developer
rules: rules:
# exclude if $NODE_AUDIT_DISABLED set # exclude if $NODE_AUDIT_DISABLED set
- if: '$NODE_AUDIT_DISABLED == "true"' - if: '$NODE_AUDIT_DISABLED == "true"'
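Review bot: `access: developer` under the `node-audit` artifacts is a hard-coded literal, and the README hunks in this commit do not tell users how to change it. A project that wants its audit report downloadable at a different level has to override the job in its own `.gitlab-ci.yml`; suggest documenting that override next to the new README sentence. The same applies to `node-outdated` and `node-semgrep`.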
...@@ -755,6 +756,7 @@ node-outdated: ...@@ -755,6 +756,7 @@ node-outdated:
paths: paths:
- $NODE_PROJECT_DIR/reports/npm-outdated.* - $NODE_PROJECT_DIR/reports/npm-outdated.*
expire_in: 1 day expire_in: 1 day
access: developer
rules: rules:
# exclude if $NODE_OUTDATED_DISABLED set # exclude if $NODE_OUTDATED_DISABLED set
- if: $NODE_OUTDATED_DISABLED == "true" - if: $NODE_OUTDATED_DISABLED == "true"
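Review bot: The artifact glob in `node-outdated` is `npm-outdated.*`, while the README line touched in this commit points users to `NODE_PROJECT_DIR/reports/npm-outdated-report.json`, a name that glob does not match. Since this change is about who can download that file, it is worth confirming which name the job really writes and aligning the README or the `paths` entry, so the access restriction applies to the report the documentation describes.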
...@@ -788,6 +790,7 @@ node-semgrep: ...@@ -788,6 +790,7 @@ node-semgrep:
name: "$CI_JOB_NAME artifacts from $CI_PROJECT_NAME on $CI_COMMIT_REF_SLUG" name: "$CI_JOB_NAME artifacts from $CI_PROJECT_NAME on $CI_COMMIT_REF_SLUG"
when: always when: always
expire_in: 1 week expire_in: 1 week
access: developer
reports: reports:
sast: $NODE_PROJECT_DIR/reports/node-semgrep.gitlab.json sast: $NODE_PROJECT_DIR/reports/node-semgrep.gitlab.json
paths: paths:
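Review bot: In `node-semgrep` the new `access: developer` sits beside both `reports: sast:` and `paths:`, and the README now promises that all reports of this job are limited to the Developer role or higher. Please confirm in the merge request that the restriction was checked for the file declared under `reports: sast` as well as for the files under `paths`, since the two are published through different keys.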
......