Add test for retirejs airgap mode

Adam Cohen requested to merge add-test-for-retirejs-airgap-mode into master

What does this MR do?

This MR tests the behaviour of the new RETIREJS_JS_ADVISORY_DB and RETIREJS_NODE_ADVISORY_DB variables added by gitlab-org/security-products/analyzers/retire.js!28 (merged).

It changes the .gitlab-ci.yml file so that it overrides the RETIREJS_JS_ADVISORY_DB and RETIREJS_NODE_ADVISORY_DB to point to the following locally saved files:

It also inserts a new vulnerability into the locally saved npmrepository.json file for the is-obj package, which previously had no vulnerabilities, and checks for this result in the qa/expect/gl-dependency-scanning.json file.
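To illustrate the kind of override this MR describes, here is an added example of a .gitlab-ci.yml fragment (not the MR's actual diff): it includes the Dependency Scanning template and points the two advisory-database variables at files checked into the repository. The fixture paths under qa/fixtures/ and the variable names being accepted as local file paths are assumptions; the DS_ANALYZER_IMAGE_PREFIX value is the temporary one listed in the TODO above.

```yaml
# Added example, not the MR's own .gitlab-ci.yml.
include:
  # Once gitlab-org/gitlab!26463 is deployed, the template include replaces
  # the raw URL mentioned in the TODO list.
  - template: Dependency-Scanning.gitlab-ci.yml

variables:
  # Temporary: custom analyzer image until retire.js!28 is merged (see TODO).
  DS_ANALYZER_IMAGE_PREFIX: "registry.gitlab.com/adamcohen/custom-security-scanners"

  # Airgap mode: override the remote advisory databases with files stored in
  # the project so the retire.js analyzer never reaches the network.
  # Paths below are assumed for this example.
  RETIREJS_JS_ADVISORY_DB: "$CI_PROJECT_DIR/qa/fixtures/jsrepository.json"
  RETIREJS_NODE_ADVISORY_DB: "$CI_PROJECT_DIR/qa/fixtures/npmrepository.json"

# The dependency scanning job from the template then runs against the local
# copies; the expected report (including the injected is-obj finding) lives in
# qa/expect/gl-dependency-scanning.json and is compared in a later job.
```

Because the local npmrepository.json carries an entry that the upstream database does not, a report that lists is-obj confirms the analyzer actually read the overridden file rather than silently falling back to the remote one.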

Related issue

gitlab-org/gitlab#33719 (closed)

TODO:

  • Remove DS_ANALYZER_IMAGE_PREFIX: "registry.gitlab.com/adamcohen/custom-security-scanners" once gitlab-org/security-products/analyzers/retire.js!28 (merged) has been merged
  • Replace https://gitlab.com/gitlab-org/gitlab/-/raw/add-retiresjs-vars-to-dependency-scanning/lib/gitlab/ci/templates/Security/Dependency-Scanning.gitlab-ci.yml with template: Dependency-Scanning.gitlab-ci.yml once gitlab-org/gitlab!26463 (merged) has been merged and deployed to production