Update Auto-DevOps.gitlab-ci.yml

vendor/gitlab-ci-yml/Auto-DevOps.gitlab-ci.yml

@@ -42,6 +42,7 @@ stages:
   - build
   - test
   - review
+  - dast
   - staging
   - canary
   - production
@@ -130,6 +131,23 @@ sast:container:
   artifacts:
     paths: [gl-sast-container-report.json]
 
+dast:
+  stage: dast
+  allow_failure: true
+  image: owasp/zap2docker-stable
+  variables:
+    POSTGRES_DB: "false"
+  script:
+    - dast
+  artifacts:
+    paths: [gl-dast-report.json]
+  only:
+    refs:
+      - branches
+    kubernetes: active
+  except:
+    - master
+
 review:
   stage: review
   script:
@@ -270,8 +288,8 @@ production:
     docker run -p 6060:6060 --link db:postgres -d --name clair arminc/clair-local-scan:v2.0.1
     apk add -U wget ca-certificates
     docker pull ${CI_APPLICATION_REPOSITORY}:${CI_APPLICATION_TAG}
-    wget https://github.com/arminc/clair-scanner/releases/download/v6/clair-scanner_linux_386
-    mv clair-scanner_linux_386 clair-scanner
+    wget https://github.com/arminc/clair-scanner/releases/download/v8/clair-scanner_linux_amd64
+    mv clair-scanner_linux_amd64 clair-scanner
     chmod +x clair-scanner
     touch clair-whitelist.yml
     ./clair-scanner -c http://docker:6060 --ip $(hostname -i) -r gl-sast-container-report.json -l clair.log -w clair-whitelist.yml ${CI_APPLICATION_REPOSITORY}:${CI_APPLICATION_TAG} || true
@@ -473,6 +491,14 @@ production:
       -o yaml --dry-run | kubectl replace -n "$KUBE_NAMESPACE" --force -f -
   }
 
+  function dast() {
+    export CI_ENVIRONMENT_URL=$(cat environment_url.txt)
+
+    mkdir /zap/wrk/
+    /zap/zap-baseline.py -J gl-dast-report.json -t "$CI_ENVIRONMENT_URL" || true
+    cp /zap/wrk/gl-dast-report.json .
+  }
+
   function performance() {
     export CI_ENVIRONMENT_URL=$(cat environment_url.txt)
 
@@ -510,4 +536,4 @@ production:
   }
 
 before_script:
-  - *auto_devops
+  - *auto_devops
\ No newline at end of file