Upload package hunter report to S3
What does this MR do and why?
This MR adds an after_script to package hunter jobs that uploads the test report to an S3 bucket. Part of https://gitlab.com/gitlab-com/gl-security/security-research/sec-research/-/issues/48
These steps have to be completed before the MR is merged:
- Set up credentials for S3 access in the project settings as environment variables AWS_ACCESS_KEY_ID_SIEM_REPORT_INGESTION and $AWS_SECRET_ACCESS_KEY_SIEM_REPORT_INGESTION. The variables must be protected and masked. See also https://docs.aws.amazon.com/sdk-for-javascript/v3/developer-guide/loading-node-credentials-shared.html.
- ...
Screenshots or screen recordings
These are strongly recommended to assist reviewers and reduce the time to merge your change.
How to set up and validate locally
Check out this branch and start the image used in this CI job:
docker run --entrypoint /bin/bash --rm -v "$(pwd):/app" -it registry.gitlab.com/gitlab-com/gl-security/security-research/package-hunter-cli:1.1.0
Then run the commands in after_script.
MR acceptance checklist
This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.
- I have evaluated the MR acceptance checklist for this MR.
Edited by Rémy Coutable