Hello, I know I'm doing something wrong, but what I am seeing is that in a stage with multiple jobs, the Docker container is being reused before the current job is complete, which causes the job to fail. This also occurs with the built-in static code checks, and I can't figure out which setting I need to use to stop GitLab from walking over other jobs within the same stage. Any ideas would be great.
# Pipeline stages, executed in the order listed. GitLab starts every job of a
# stage together (subject to runner capacity), so the two jobs assigned to
# test_terraform can run at the same time.
stages:
  - test_non_terraform
  # NOTE(review): presumably the stage used by the included security
  # templates whose jobs are not reassigned in this file; confirm.
  - test
  - test_terraform
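# Runs Checkov against the Terraform code in the repository root and publishes
# the findings as a JUnit report.
test-terraform-checkov-job:
  stage: test_terraform
  script:
    # Use ${version} in both the directory and the file name. The original
    # hard-coded 1.0.0 in the file name, so any other value of $version fetched
    # a file that the unzip step below could not find.
    - wget "https://releases.hashicorp.com/terraform/${version}/terraform_${version}_linux_amd64.zip"
    # Check the archive against the published checksum list before unpacking.
    # The list comes from the same host, so this catches corrupted or
    # mismatched downloads but not a compromised release host; verifying the
    # signature published for the SHA256SUMS file would close that gap.
    - wget "https://releases.hashicorp.com/terraform/${version}/terraform_${version}_SHA256SUMS"
    - 'grep "terraform_${version}_linux_amd64.zip" "terraform_${version}_SHA256SUMS" | sha256sum -c -'
    - unzip "terraform_${version}_linux_amd64.zip"
    # Owner rwx, group r-x: the binary only has to be executable by the job.
    - chmod 0750 ./terraform
    - ./terraform init
    # NOTE(review): unpinned install; every run takes whatever release is
    # current on the package index. Pin to a reviewed version.
    - pip3.7 install checkov
    # The tfsec download and its chmod 777 were dropped from this job: nothing
    # here executes tfsec, so it was an unverified, world-writable binary with
    # no use.
    - checkov -o junitxml --framework terraform -d ./ --skip-check "${checkov_disabled_checks}" > checkov.xml
  artifacts:
    reports:
      junit: checkov.xml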
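# Runs tfsec against the Terraform code in the repository root and publishes
# the findings as a JUnit report.
test-terraform-tfsec-job:
  stage: test_terraform
  script:
    # Use ${version} in both the directory and the file name. The original
    # hard-coded 1.0.0 in the file name, so any other value of $version fetched
    # a file that the unzip step below could not find.
    - wget "https://releases.hashicorp.com/terraform/${version}/terraform_${version}_linux_amd64.zip"
    # Check the archive against the published checksum list before unpacking.
    # The list comes from the same host, so this catches corrupted or
    # mismatched downloads but not a compromised release host.
    - wget "https://releases.hashicorp.com/terraform/${version}/terraform_${version}_SHA256SUMS"
    - 'grep "terraform_${version}_linux_amd64.zip" "terraform_${version}_SHA256SUMS" | sha256sum -c -'
    - unzip "terraform_${version}_linux_amd64.zip"
    # Owner rwx, group r-x: the binary only has to be executable by the job.
    - chmod 0750 ./terraform
    - ./terraform init
    # Each job runs its own script, so a shell variable assigned in another job
    # is not visible here. Unless a CI/CD variable named tfsec exists (not
    # shown), the original `wget $tfsec` ran with an empty URL. Define it in
    # this job, pinned to the same release URL.
    - tfsec='https://github.com/tfsec/tfsec/releases/download/v0.39.34/tfsec-linux-amd64'
    - wget "$tfsec"
    # NOTE(review): this binary is executed without an integrity check. Record
    # its SHA-256 when the version is reviewed and verify it with
    # `sha256sum -c` before the chmod.
    # 0750 instead of 777: a world-writable executable can be replaced by any
    # other user on the host between download and execution.
    - chmod 0750 tfsec-linux-amd64
    - ./tfsec-linux-amd64 --format JUnit ./ -e "${tfsec_disabled_checks}" > tfsec.xml
  artifacts:
    reports:
      junit: tfsec.xml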
# Assigns the `sast` job to the test_non_terraform stage.
# NOTE(review): presumably this overrides the job of the same name from the
# Security/SAST template included in this file; confirm that the analyzer
# jobs inherit the stage.
sast:
  stage: 'test_non_terraform'
# GitLab-maintained security templates pulled into this pipeline: dependency
# scanning, license scanning, SAST and secret detection.
include:
  - template: 'Security/Dependency-Scanning.gitlab-ci.yml'
  - template: 'Security/License-Scanning.gitlab-ci.yml'
  - template: 'Security/SAST.gitlab-ci.yml'
  - template: 'Security/Secret-Detection.gitlab-ci.yml'
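# Settings read by the included security scanning jobs.
# NOTE(review): assuming this is the top-level variables block, these values
# reach every job in the pipeline, not only the scanners.
variables:
  # Debug-level analyzer output is verbose and can echo environment values
  # into job logs, which anyone with access to the job can read. Return to
  # the default level once troubleshooting is finished.
  SECURE_LOG_LEVEL: 'debug'
  # CI/CD variables reach jobs as strings; quoting makes that explicit
  # instead of relying on the parser's integer typing.
  SEARCH_MAX_DEPTH: '10'
  # NOTE(review): a level of 0 presumably sets the lowest reporting threshold
  # for each analyzer; confirm against the analyzer documentation.
  SAST_BRAKEMAN_LEVEL: '0'
  SAST_FLAWFINDER_LEVEL: '0'
  SAST_GOSEC_LEVEL: '0'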