.gitlab-ci.yml

stages:
  - Build
  - Image Scan
  - Application Scan
  
include:  
  - remote: 'https://gitlab.com/prismacloud-public/shift-left/extension/-/raw/master/.pcs.gitlab-ci.yml'

Build Image:
  stage: Build
  tags:
    - devsecops-instance
  image:
    name: gcr.io/kaniko-project/executor:debug
    entrypoint: [""]
  script:
    - mkdir -p /kaniko/.docker
    - echo "{\"auths\":{\"$CI_REGISTRY\":{\"username\":\"$CI_REGISTRY_USER\",\"password\":\"$CI_REGISTRY_PASSWORD\"}}}" > /kaniko/.docker/config.json
    - /kaniko/executor --context $CI_PROJECT_DIR --dockerfile $CI_PROJECT_DIR/Dockerfile --destination $CI_REGISTRY_IMAGE:$CI_COMMIT_REF_NAME
  
prisma-cloud-compute-scan:
  stage: Image Scan
  extends:
    - .pcs_compute_scan
  tags:
    - twistcli
  when: manual
  allow_failure: false
  variables:
      prisma_cloud_scan_image: "registry.epa.gov/qed/qed-flask:dev"
      prisma_cloud_compute_url: "https://prismacloud.gitlab-prod.aws.epa.gov"
      GIT_STRATEGY: clone
  script:
    - docker login -u $CI_REGISTRY_USER -p $CI_REGISTRY_PASSWORD registry.epa.gov
    - docker pull $prisma_cloud_scan_image
    - ./image_scan.sh  
    
NetSparker:
  stage: Application Scan
  tags:
    - devsecops-instance
  when: manual
  image: docker:20.10
  # This needs a NetSparker image to invoke the scan.
  script:
    - echo "Simulate a NetSparker scan."