# GoGit-M

An automated way to test your code for vulnerabilities!

## Getting Started

It couldn't be easier to get started. Simply create a file in your repo called
`.gitlab-ci.yml` and paste the following text into it:
```yaml
---
stages:
  - sast

bandit:
  stage: sast
  image: python:latest
  script:
  - pip install bandit
  - bandit -r .
  allow_failure: true
```
An example `.gitlab-ci.yml` file is included in this project.

### If You Are Already Using GitLab's CI/CD Pipelines

To add this test to an existing GitLab Pipeline, use the following
as an example:

```yaml
---
stages:
  - lint
  - test
  - sast # <--- Add this line to your pipeline stages.

flake8:
  image: python:2.7-jessie
  stage: lint
  before_script:
    - pip install flake8
  script:
    - flake8 tests src *.py
  allow_failure: true

test-py27:
  image: python:2.7-jessie
  stage: test
  before_script:
    - pip install pytest-cov pytest-mock
    - pip install -e .
  script:
    - pytest --cov=src --junitxml=junit.xml
  artifacts:
    reports:
      junit: junit.xml

# Add a job like this one and specify the "sast" stage.
bandit:
  stage: sast
  image: python:latest
  script:
  - pip install bandit
  - bandit -r .
  allow_failure: true
```

### Prerequisites

Your code repo needs to be hosted in GitLab (https://gitlab.umich.edu).
The University of Michigan instance of GitLab has a built-in GitLab Runner
that will be used automatically if you create a `.gitlab-ci.yml` file.
### What happens now?

Out of the box we are offering an easy entry point into automatically testing
your Python code for static vulnerabilities. This simple test uses Bandit
to find common security issues in Python code. Once your `.gitlab-ci.yml` file
is in place, this testing will occur with every commit that you make to your
repo!
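Because the `bandit` job above is marked `allow_failure: true`, the pipeline stays green no matter what Bandit reports, so findings are easy to miss. The script below is an added example, not part of the GoGit-M project: it reads the JSON report Bandit writes with its real `-f json -o bandit.json` options, counts findings by severity, and exits non-zero only when something at or above a chosen severity and confidence shows up. The `SAMPLE_REPORT` dictionary is a constructed stand-in for that file (same field names Bandit's JSON formatter uses, only the fields the script reads); the test IDs in it are real Bandit checks, but the file names and line numbers are made up.

```python
"""Gate a CI job on Bandit's JSON report.

Added example (not part of the GoGit-M project). Assumes the job was run as
``bandit -r . -f json -o bandit.json`` and that only findings at or above a
chosen severity/confidence should fail the job.
"""
import json
import sys

# Bandit reports both severity and confidence as LOW / MEDIUM / HIGH.
SEVERITY_RANK = {"LOW": 1, "MEDIUM": 2, "HIGH": 3}

# Constructed sample in the shape Bandit's JSON formatter emits
# (only the fields this script reads are included).
SAMPLE_REPORT = {
    "results": [
        {
            "filename": "src/app.py",
            "line_number": 12,
            "test_id": "B602",
            "test_name": "subprocess_popen_with_shell_equals_true",
            "issue_severity": "HIGH",
            "issue_confidence": "HIGH",
            "issue_text": "subprocess call with shell=True identified, security issue.",
        },
        {
            "filename": "src/app.py",
            "line_number": 3,
            "test_id": "B105",
            "test_name": "hardcoded_password_string",
            "issue_severity": "LOW",
            "issue_confidence": "MEDIUM",
            "issue_text": "Possible hardcoded password: 'changeme'",
        },
        {
            "filename": "tests/test_app.py",
            "line_number": 7,
            "test_id": "B101",
            "test_name": "assert_used",
            "issue_severity": "LOW",
            "issue_confidence": "HIGH",
            "issue_text": "Use of assert detected.",
        },
    ]
}


def count_by_severity(report):
    """Return {"LOW": n, "MEDIUM": n, "HIGH": n} for the report's findings."""
    counts = {level: 0 for level in SEVERITY_RANK}
    for finding in report.get("results", []):
        counts[finding["issue_severity"]] += 1
    return counts


def blocking_findings(report, min_severity="MEDIUM", min_confidence="MEDIUM"):
    """Findings at or above both thresholds; these should fail the job."""
    sev = SEVERITY_RANK[min_severity]
    conf = SEVERITY_RANK[min_confidence]
    return [
        f for f in report.get("results", [])
        if SEVERITY_RANK[f["issue_severity"]] >= sev
        and SEVERITY_RANK[f["issue_confidence"]] >= conf
    ]


def format_finding(finding):
    """One-line, grep-friendly summary for the job log."""
    return ("{filename}:{line_number} [{test_id} {issue_severity}/{issue_confidence}] "
            "{issue_text}").format(**finding)


def exit_code_for(report, min_severity="MEDIUM", min_confidence="MEDIUM"):
    """0 if nothing blocks, 1 otherwise (what the CI job should exit with)."""
    return 1 if blocking_findings(report, min_severity, min_confidence) else 0


def main(argv):
    """Usage: python bandit_gate.py [bandit.json]; no argument uses the sample."""
    if len(argv) > 1:
        with open(argv[1]) as fh:
            report = json.load(fh)
    else:
        report = SAMPLE_REPORT  # demonstrate on the constructed sample
    print("Bandit findings by severity:", count_by_severity(report))
    for finding in blocking_findings(report):
        print("BLOCKING:", format_finding(finding))
    return exit_code_for(report)


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

To wire it into the job (an assumption, not something the project's YAML does), replace `bandit -r .` with `bandit -r . -f json -o bandit.json || true` followed by `python bandit_gate.py bandit.json`, and drop `allow_failure: true` so the gate's exit code decides whether the job passes; Bandit itself exits non-zero whenever it finds anything, which is why the `|| true` is needed before the gate runs. Low-severity noise such as `B101` (assert in tests) is then reported in the log but does not block the merge.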

## Authors

* **Ben Balk** - bbalk@umich.edu
* **Greg Benn** - gbenn@umich.edu
* **Rick Getchell** - rgetchel@umich.edu
* **Patrick Steffes** - psteffes@umich.edu

## Acknowledgments

* The 2019 Hacks With Friends Volunteers!!!