diff --git a/.buildkite/pipeline.yaml b/.buildkite/pipeline.yaml
index add0136..771fbd7 100644
--- a/.buildkite/pipeline.yaml
+++ b/.buildkite/pipeline.yaml
@@ -26,26 +26,14 @@ steps:
 environment:
 - "GOTOOLCHAIN=auto"
 artifact_paths: ["coverage.out"]
- - group: ":closed_lock_with_key: Security Checks"
- depends_on: "go_test"
- key: "security"
- steps:
- - label: ":closed_lock_with_key: gosec"
- key: "gosec"
- plugins:
- - docker#v5.12.0:
- image: "securego/gosec:2.20.0"
- command: ["-no-fail", "-exclude-generated", "-fmt sonarqube", "-out", "results.txt", "./..."]
- environment:
- - "GOTOOLCHAIN=auto"
- artifact_paths: ["results.txt"]
 - label: ":github: upload PR reports"
 key: "scan-upload-pr"
 if: build.pull_request.id != null
- depends_on: ["gosec", "go_test"]
+ depends_on: ["go_test"]
 plugins:
- - artifacts#v1.9.4:
- download: "results.txt"
+ - cluster-secrets#v1.0.0:
+ variables:
+ SONAR_TOKEN: SONAR_TOKEN
 - artifacts#v1.9.4:
 download: "coverage.out"
 step: "go_test"
@@ -58,10 +46,11 @@ steps:
 - label: ":github: upload reports"
 key: "scan-upload"
 if: build.branch == "main"
- depends_on: ["gosec", "go_test"]
+ depends_on: ["go_test"]
 plugins:
- - artifacts#v1.9.4:
- download: results.txt
+ - cluster-secrets#v1.0.0:
+ variables:
+ SONAR_TOKEN: SONAR_TOKEN
 - artifacts#v1.9.4:
 download: coverage.out
 step: "go_test"
diff --git a/sonar-project.properties b/sonar-project.properties
index ea0cebc..3119f2c 100644
--- a/sonar-project.properties
+++ b/sonar-project.properties
@@ -12,5 +12,4 @@
 sonar.test.inclusions=**/*_test.go
 sonar.test.exclusions=**/vendor/**
 sonar.sourceEncoding=UTF-8
-sonar.go.coverage.reportPaths=coverage.out
-sonar.externalIssuesReportPaths=results.txt
\ No newline at end of file
+sonar.go.coverage.reportPaths=coverage.out
\ No newline at end of file
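Review bot: The added `cluster-secrets#v1.0.0` block exposes `SONAR_TOKEN` to the `scan-upload-pr` step, which runs only for pull-request builds (`if: build.pull_request.id != null`), so the credential is presumably present in a job that works on the PR branch's checkout. Whether builds from forks are enabled is not visible here; if they are, this step should use a separate token scoped to PR analysis only, or be limited to branches of the trusted repository. The plugin is also referenced by tag, here and in the `scan-upload` hunk that follows; since it handles a credential, pinning it to a reviewed commit, `cluster-secrets#<commit-sha>`, avoids picking up a moved tag. The rest of the step (its command and remaining plugins) lies outside the hunk, so how the token is consumed could not be checked.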
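Review bot: With `sonar.externalIssuesReportPaths` gone and the gosec step removed in `.buildkite/pipeline.yaml`, nothing visible in this diff still feeds Go security-linter findings into the analysis. If SonarQube's built-in Go rules or another job are meant to replace gosec, record that in a comment next to the coverage setting, for example `# Security findings: <replacement analyzer or job>`, so the gap is a documented decision. The new last line still has no trailing newline; adding one removes the `\ No newline at end of file` marker from future diffs.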