Merge branch 'ymlFile3' into 'master'

test2 See merge request !18

Merge branch 'ymlFile3' into 'master'
test2 See merge request !18
b051a8b6 · Brown, Jonathan D. · 9bd3977d · ccb6f379 · b051a8b6
Commit b051a8b6 authored May 14, 2019 by Brown, Jonathan D.
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -20,7 +20,7 @@ variables:
  DOCKER_HUB_IMAGE: "usgs/earthquake-geoserve-ui"
  # DOCKER_HUB_IMAGE: "jamesmalin/usgs-geoserve-ui"
  # Run application locally for testing security vulnerabilities
-  LOCAL_CONTAINER: $APP_NAME-$BUILD_ID-PENTEST
+  LOCAL_CONTAINER: $APP_NAME-$BUILD_ID-pentest
  LOCAL_IMAGE: local/$APP_NAME:$BUILD_ID
  # Runs zap.sh as daemon and used to execute zap-cli calls within
  OWASP_CONTAINER: $APP_NAME-$BUILD_ID-owasp
@@ -39,7 +39,7 @@ stages:
  # - init
  - build
  - unit-tests
-  # - pen-tests
+  - pen-tests
  - publish-image
  # - deploy

@@ -100,38 +100,38 @@ run unit tests:
    - ng test earthquake-geoserve-ui --watch=false --code-coverage --progress false --browsers ChromeHeadless
    - ng e2e

-# run penetration tests:
-#   stage: pen-tests
-#   image: docker:stable
-#   # before_script:
-#   #   - npm i
-#   #   - npm i highlightjs
-#   only:
-#     - master
-#   script:
-#     - mkdir -p $OWASP_REPORT_DIR
-#     - chmod 777 $OWASP_REPORT_DIR
-#     - docker load -i docker-images/app.tar
-#     - docker run --rm --name $LOCAL_CONTAINER -d $LOCAL_IMAGE
-#     - docker run --rm -d -u zap --name=$OWASP_CONTAINER --link=$LOCAL_CONTAINER:application -v $OWASP_REPORT_DIR:/zap/reports:rw -i $OWASP_IMAGE zap.sh -daemon -port $ZAP_API_PORT -config api.disablekey=true
-#     - sleep 20
-#     # docker run --rm -d -u zap --name=earthquake-geoserve-ui-3-OWASP --link=earthquake-geoserve-ui-3-PENTEST:application -v /var/lib/jenkins/workspace/HazDev/earthquake-geoserve/build-ui/owasp-data:/zap/reports:rw -i code.chs.usgs.gov:5001/devops/images/owasp/zap2docker-stable zap.sh -daemon -port 8090 -config api.disablekey=true
-#     # docker run --rm --name earthquake-geoserve-ui-1.0.4-PENTEST -d jamesmalin/usgs-geoserve-ui:1.0.4
-#     # docker run --rm -d -u zap --name=earthquake-geoserve-ui-1.0.4-OWASP --link=earthquake-geoserve-ui-1.0.4-PENTEST:application -v /owasp-data:/zap/reports:rw -i owasp/zap2docker-stable zap.sh -daemon -port 8090 -config api.disablekey=true
-#     - "docker exec -i ${OWASP_CONTAINER}
-#     curl -I localhost:${ZAP_API_PORT}
-#     > /dev/null 2>&1 && echo 'SUCCESS'"
-#     # - sleep 10
-#     - docker exec $OWASP_CONTAINER zap-cli -v -p $ZAP_API_PORT spider http://$PENTEST_IP/
-#     # - sleep 10
-#     - docker exec $OWASP_CONTAINER zap-cli -v -p $ZAP_API_PORT active-scan http://$PENTEST_IP/
-#     - docker exec $OWASP_CONTAINER zap-cli -v -p $ZAP_API_PORT report -o owasp-zap-report.html -f html
-#     - docker stop $OWASP_CONTAINER ${LOCAL_CONTAINER}
-#   artifacts: # can you make this not available to the public
-#     paths:
-#       - owasp-zap-report.html
-#   dependencies:
-#     - build
+run penetration tests:
+  stage: pen-tests
+  image: docker:stable
+  # before_script:
+  #   - npm i
+  #   - npm i highlightjs
+  only:
+    - master
+  script:
+    - mkdir -p $OWASP_REPORT_DIR
+    - chmod 777 $OWASP_REPORT_DIR
+    - docker load -i docker-images/app.tar
+    - docker run --rm --name $LOCAL_CONTAINER -d $LOCAL_IMAGE
+    - docker run --rm -d -u zap --name=$OWASP_CONTAINER --link=$LOCAL_CONTAINER:application -v $OWASP_REPORT_DIR:/zap/reports:rw -i $OWASP_IMAGE zap.sh -daemon -port $ZAP_API_PORT -config api.disablekey=true
+    - sleep 20
+    # docker run --rm -d -u zap --name=earthquake-geoserve-ui-3-OWASP --link=earthquake-geoserve-ui-3-PENTEST:application -v /var/lib/jenkins/workspace/HazDev/earthquake-geoserve/build-ui/owasp-data:/zap/reports:rw -i code.chs.usgs.gov:5001/devops/images/owasp/zap2docker-stable zap.sh -daemon -port 8090 -config api.disablekey=true
+    # docker run --rm --name earthquake-geoserve-ui-1.0.4-PENTEST -d jamesmalin/usgs-geoserve-ui:1.0.4
+    # docker run --rm -d -u zap --name=earthquake-geoserve-ui-1.0.4-OWASP --link=earthquake-geoserve-ui-1.0.4-PENTEST:application -v /owasp-data:/zap/reports:rw -i owasp/zap2docker-stable zap.sh -daemon -port 8090 -config api.disablekey=true
+    - "docker exec -i ${OWASP_CONTAINER}
+    curl -I localhost:${ZAP_API_PORT}
+    > /dev/null 2>&1 && echo 'SUCCESS'"
+    # - sleep 10
+    - docker exec $OWASP_CONTAINER zap-cli -v -p $ZAP_API_PORT spider http://$PENTEST_IP/
+    # - sleep 10
+    - docker exec $OWASP_CONTAINER zap-cli -v -p $ZAP_API_PORT active-scan http://$PENTEST_IP/
+    - docker exec $OWASP_CONTAINER zap-cli -v -p $ZAP_API_PORT report -o owasp-zap-report.html -f html
+    - docker stop $OWASP_CONTAINER ${LOCAL_CONTAINER}
+  artifacts: # can you make this not available to the public
+    paths:
+      - owasp-zap-report.html
+  dependencies:
+    - build

 publish image:
  stage: publish-image