From 7b8abb2b2660875a89863b800e5070c3709390d4 Mon Sep 17 00:00:00 2001
From: wep23441 <elizabeth.mamtsits@stfc.ac.uk>
Date: Thu, 27 Mar 2025 14:27:15 +0100
Subject: [PATCH] very important commit 2

---
 .gitlab-ci.yml                                | 21 +++++------------
 ci-configs/case-4-security/README.md          |  3 ---
 ci-configs/case-4-security/container_scan.yml |  2 +-
 ci-configs/case-4-security/sast.yml           | 10 ++++++++
 .../case-4-security/secret_detection.yml      | 23 ++++++++-----------
 5 files changed, 27 insertions(+), 32 deletions(-)
 delete mode 100644 ci-configs/case-4-security/README.md

diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index 435334d..24d8d61 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -1,15 +1,11 @@
 stages:
   - code_quality
-  - security_checks
-  - build_image
-  - test_image
-
 
 include:
 
-# # Case 1 Lintls
+# # Case 1 Lint
 # # stages: code_quality
-# - local: ci-configs/case-1-lint/linting_job.yml
+- local: ci-configs/case-1-lint/linting_job.yml
 
 
 # # Case 2 Test
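Review bot: The `stages:` list drops `security_checks`, `build_image` and `test_image` (L22–L24) while the Case 4 comment at L40 and the included files still target them — `sast_evaluation` is `stage: security_checks` and `container_scan_evaluation` is `stage: test_image` — so a learner who uncomments the four includes in the next hunk (L45–L48) gets a pipeline-creation error about an undefined stage instead of a failing security job. A declared stage with no jobs is harmless in GitLab CI, so the cheapest fix is to keep the three entries; otherwise comment them out next to the includes they belong to, e.g. `# - security_checks  # needed by ci-configs/case-4-security/*.yml`, so both halves get re-enabled together. The same point applies to the next hunk in this file and to the `stage:` lines in sast.yml and secret_detection.yml.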
@@ -28,10 +24,10 @@ include:
 
 # Case 4 Security
 # stages: code_quality, security_checks, build_image, test_image
-- local: ci-configs/case-4-security/build_image.yml
-- local: ci-configs/case-4-security/container_scan.yml
-- local: ci-configs/case-4-security/sast.yml
-- local: ci-configs/case-4-security/secret_detection.yml
+# - local: ci-configs/case-4-security/build_image.yml
+# - local: ci-configs/case-4-security/container_scan.yml
+# - local: ci-configs/case-4-security/sast.yml
+# - local: ci-configs/case-4-security/secret_detection.yml
 
 
 # # Case 5 Docs
@@ -42,8 +38,3 @@ include:
 
 # # Case 6: Automate all the things!
 # # I challenge you to put everthing together and become the pipeline master!
-
-
-
-
-
diff --git a/ci-configs/case-4-security/README.md b/ci-configs/case-4-security/README.md
deleted file mode 100644
index 8ad18e5..0000000
--- a/ci-configs/case-4-security/README.md
+++ /dev/null
@@ -1,3 +0,0 @@
-# Task
-1. Add 3 security jobs from `Secure`->`Security Configuration` (jobs to add: SAST, Container Scanning, Secret Detection)
-Make pipline run sucessfully, make sure all the security jobs pass
\ No newline at end of file
diff --git a/ci-configs/case-4-security/container_scan.yml b/ci-configs/case-4-security/container_scan.yml
index f60c961..2201f32 100644
--- a/ci-configs/case-4-security/container_scan.yml
+++ b/ci-configs/case-4-security/container_scan.yml
@@ -16,7 +16,7 @@ container_scanning:
   variables:
     GIT_STRATEGY: clone
     CS_SEVERITY_THRESHOLD: High
-    CS_IMAGE: "${CI_REGISTRY_IMAGE}/${IMAGE_NAME}:${IMAGE_TAG}"
+    CS_IMAGE: "${CI_REGISTRY_IMAGE}/${IMAGE_NAME}"
 
 container_scan_evaluation:
   stage: test_image
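Review bot: Dropping `:${IMAGE_TAG}` from `CS_IMAGE` (L80) means the scan no longer pins the image this pipeline built; an untagged reference resolves to whatever the registry treats as the default tag (conventionally `latest`), so the `CS_SEVERITY_THRESHOLD: High` verdict can describe an older or unrelated image rather than the one `build_image.yml` produced (that file is not in the diff, so I am inferring it pushes with `IMAGE_TAG`). If the tag was removed because `IMAGE_TAG` is unset in this job, passing it through or defining it under `variables:` is the safer fix: `CS_IMAGE: "${CI_REGISTRY_IMAGE}/${IMAGE_NAME}:${IMAGE_TAG}"`. The `container_scanning` job begins above this hunk.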
diff --git a/ci-configs/case-4-security/sast.yml b/ci-configs/case-4-security/sast.yml
index 5937dcf..709d878 100644
--- a/ci-configs/case-4-security/sast.yml
+++ b/ci-configs/case-4-security/sast.yml
@@ -1,3 +1,12 @@
+# Some little help for you!
+# SAST SEMGREP job CAN be enabled through GITLAB UI!
+#     # import the template
+#     # define variable for the sast report file as "gl-sast-report.json"
+#     # you can use a variable SECURE_LOG_LEVEL to debug this job
+#     # define the sast job:
+#     # use within code_quality stage
+#     # define artifacts and paths to the report file with expire time of 1 hour
+
 
 sast_evaluation:
   stage: security_checks
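Review bot: The hint at L92 names the report file but not the variable; the evaluation script in the next hunk checks `$SAST_REPORT_FILE` (L102), so a learner who stores the path under another name lands in the "Artifact ... does not exist" branch even though a report was produced. If that variable is meant to be shared with the `sast` job (its definition is outside this hunk, so I cannot confirm), spell it out: `#     # define variable SAST_REPORT_FILE as "gl-sast-report.json"`. Since README.md is deleted in this commit, this comment block is the learner's only guidance, so precision here matters more than before.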
@@ -17,4 +26,5 @@ sast_evaluation:
         echo "Artifact $SAST_REPORT_FILE does not exist. The 'sast' job likely didn't create one. Hence, no evaluation can be performed."
         exit 1
       fi
+  needs: [sast]    
 
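Review bot: `needs: [sast]` (L105) hard-codes a job name that the GitLab SAST template itself does not define — its jobs are named per analyzer (`semgrep-sast` and friends) — so unless the learner names their job exactly `sast`, as the hint in the first hunk implies, the pipeline fails at creation with an undefined-needs error and the script's own "Artifact ... does not exist" fallback (L102) never runs. Making the dependency optional keeps the artifact download when the job exists and lets the script report the missing report otherwise: `needs: [{ job: sast, optional: true }]`. The line also carries trailing whitespace after `]`; the same applies to `needs: [secret_detection]` in secret_detection.yml. `sast_evaluation` begins outside this hunk.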
diff --git a/ci-configs/case-4-security/secret_detection.yml b/ci-configs/case-4-security/secret_detection.yml
index a9bd10d..71689cd 100644
--- a/ci-configs/case-4-security/secret_detection.yml
+++ b/ci-configs/case-4-security/secret_detection.yml
@@ -1,15 +1,11 @@
-# include:
-#   - template: Security/Secret-Detection.gitlab-ci.yml
-
-# secret_detection:
-#   stage: code_quality
-#   variables:
-#     GITLEAKS_CONFIG: ".gitleaks.toml"
-#     SECRET_DETECTION_HISTORIC_SCAN: "true" 
-#   artifacts:
-#     paths:
-#       - $SECRET_DETECTION_REPORT_FILE
-#     expire_in: 1 hour
+# Some little help for you!
+# Secret detection job CAN be enabled through GITLAB UI!
+#     # import the template
+#     # define the secret_detection job:
+#     # use within code_quality stage
+#     # use .gitleaks.toml file as variable
+#     # use the SECRET_DETECTION_HISTORIC_SCAN: "true" as variable
+#     # define artifacts and paths to the report file with expire tim eof 1 hour
 
 secret_detection_evaluation:
   stage: security_checks
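Review bot: The added hint at L131 has a typo, `expire tim eof 1 hour`, which should read `expire time of 1 hour`. L129, `use .gitleaks.toml file as variable`, is also ambiguous about whether the file path is a variable's value or its name; since this block replaces the deleted README.md as the only guidance, `#     # pass .gitleaks.toml to the scanner via its config variable` says what is meant without handing over the key.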
@@ -28,4 +24,5 @@ secret_detection_evaluation:
       else
         echo "Artifact $SECRET_DETECTION_REPORT_FILE does not exist. The 'secret-detection' job likely didn't create one. Hence, no evaluation can be performed."
         exit 1
-      fi
+      fi 
+  needs: [secret_detection]     
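Review bot: The only change to L140 is a trailing space after `fi`; presumably inside a `script: |` block scalar (its header is outside the hunk) that space becomes part of the script text — harmless to the shell, but pure churn that yamllint's `trailing-spaces` rule rejects — and L141 trails five spaces as well, so revert L140 to `      fi` and trim L141 to `  needs: [secret_detection]`. The context line at L137 still refers to the `'secret-detection'` job while the new dependency uses `secret_detection`, which matches the GitLab template; aligning the message avoids sending a learner looking for a hyphenated job name. `secret_detection_evaluation` and its `script:` header start outside this hunk.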
-- 
GitLab