Upload package hunter report to S3 (!79843) · Merge requests · GitLab.org / GitLab

Dennis Appelt requested to merge da/updoad-package-hunter-artefact into master Feb 03, 2022

What does this MR do and why?

This MR adds an after_script to package hunter jobs that uploads the test report to an S3 bucket. Part of https://gitlab.com/gitlab-com/gl-security/security-research/sec-research/-/issues/48

These steps have to be completed before the MR is merged:

Set up credentials for S3 access in the project settings as environment variable AWS_ACCESS_KEY_ID_SIEM_REPORT_INGESTION and $AWS_SECRET_ACCESS_KEY_SIEM_REPORT_INGESTION. The variables must be protected and masked. See also https://docs.aws.amazon.com/sdk-for-javascript/v3/developer-guide/loading-node-credentials-shared.html.
...

Screenshots or screen recordings

These are strongly recommended to assist reviewers and reduce the time to merge your change.

How to set up and validate locally

Checkout out this branch and start the image used in this CI job:

docker run --entrypoint /bin/bash --rm -v "$(pwd):/app"  -it registry.gitlab.com/gitlab-com/gl-security/security-research/package-hunter-cli:1.1.0

Then run the commands in after_script.

MR acceptance checklist

This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.

I have evaluated the MR acceptance checklist for this MR.

Edited Mar 01, 2022 by Rémy Coutable

Upload package hunter report to S3

What does this MR do and why?

Screenshots or screen recordings

How to set up and validate locally

MR acceptance checklist

Merge request reports