-
Notifications
You must be signed in to change notification settings - Fork 2
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
chore: add snippets for circle and gitlab (#24)
Signed-off-by: Parth Sharma <86726240+parth-deepsource@users.noreply.github.com> Co-authored-by: Parth Sharma <86726240+parth-deepsource@users.noreply.github.com>
- Loading branch information
1 parent
de1c525
commit 9253bf3
Showing
2 changed files
with
61 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,37 @@ | ||
| version: 2.1 | ||
|
|
||
| executors: | ||
| default: | ||
| docker: | ||
| - image: cimg/base:2024.01 | ||
|
|
||
| jobs: | ||
| scan-and-report: | ||
| executor: default | ||
| steps: | ||
| - checkout | ||
|
|
||
| - run: | ||
| name: Install Kubelinter | ||
| command: | | ||
| # Install the latest version of kube-linter. You can also pin a specific version. | ||
| curl -L https://github.com/stackrox/kube-linter/releases/latest/download/kube-linter-linux.tar.gz | tar -xz | ||
| sudo mv kube-linter /usr/local/bin/ | ||
| - run: | ||
| name: Analyze repository with kube-linter | ||
| command: | | ||
| # Please tweak this if you don't want to run analysis on the entire repo everytime. | ||
| kube-linter lint . --format sarif | tee kube-linter.sarif || true | ||
| # Make sure you set the `DEEPSOURCE_DSN` env variable as a secret in your project. | ||
| - run: | ||
| name: Upload SARIF report to DeepSource | ||
| command: | | ||
| # Install the DeepSource CLI | ||
| curl https://deepsource.io/cli | sh | ||
| # Send the report to DeepSource | ||
| ./bin/deepsource report --analyzer kube-linter --analyzer-type community --value-file ./kube-linter.sarif | ||
| workflows: | ||
| scan-kube-linter-workflow: | ||
| jobs: | ||
| - scan-and-report |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,24 @@ | ||
| stages: | ||
| - scan_and_report | ||
|
|
||
| before_script: | ||
| - apt update | ||
| - apt install -y curl git | ||
|
|
||
| kubelinter: | ||
| stage: scan_and_report | ||
| image: debian:stable-slim | ||
| script: | ||
| # Install the latest version of kube-linter. You can also pin a specific version. | ||
| - curl -L https://github.com/stackrox/kube-linter/releases/latest/download/kube-linter-linux.tar.gz | tar -xz | ||
| - mv kube-linter /usr/local/bin/ | ||
| # Run kube-linter. Please tweak this if you don't want to run analysis on the entire repo everytime. | ||
| - kube-linter lint . --format sarif | tee kube-linter.sarif || true | ||
| # Install the DeepSource CLI and send the report to DeepSource | ||
| # Make sure you set the `DEEPSOURCE_DSN` env variable as a secret in your project. | ||
| - curl -sSL https://deepsource.io/cli | sh | ||
| - ./bin/deepsource report --analyzer kube-linter --analyzer-type community --value-file ./kube-linter.sarif | ||
|
|
||
| rules: | ||
| - if: $CI_PIPELINE_SOURCE == "push" | ||
|
|