sfrod / exakat-ci

Exakat Docker Container - SAST stage for Gitlab CI/CD Pipeline


Exakat is a static analysis engine: a tool for analyzing, reporting on and assessing PHP source code efficiently and systematically. Exakat processes PHP 5.6 to 7.4 code and reports on security, performance, code quality and migration. Common best practices and recommendations for specific platforms such as Laravel, WordPress, CakePHP or the Drupal framework are covered. Check all supported Frameworks here.

We provide a Docker container to install and run Exakat 2.0.6 locally or as part of a Static Application Security Testing (SAST) stage in a Gitlab CI/CD pipeline. The resulting analysis reports can be retrieved as artifacts; see the Gitlab CI/CD Pipeline Integration section.

Built With

1) Run Local Code Analysis

  1. Install the sfrod/exakat-ci container:

    $ docker pull sfrod/exakat-ci:latest

  Use Cases

  2. Run the Exakat PHP analysis, mounting an existing directory to fetch the reports:

    $ mkdir reports
    $ docker run -v <path/to/project/folder>:/src/ -v $(pwd)/reports:/report/ sfrod/exakat-ci:latest

  3. Run the Exakat PHP analysis, creating a Docker volume called 'reports' to fetch the reports:

    $ docker run -v <path/to/project/folder>:/src/ -v reports:/report/ sfrod/exakat-ci:latest

  4. Run the Exakat PHP analysis for a specific framework (check all supported Frameworks here):

    $ docker run -v <path/to/project/folder>:/src/ -v $(pwd)/reports:/report/ sfrod/exakat-ci:latest Laravel

2) Gitlab CI/CD Pipeline Integration

  1. Add this stage to your .gitlab-ci.yml file, or take a look at our template-gitlab-ci.yml file. Reports can be retrieved as artifacts at the end of the job. Analyses run with a framework produce a text report named Ext_'used Framework'_report.txt.

    stages:
      - sast

    sast:
      stage: sast
      image: docker:latest
      services:
        - docker:18-dind
      variables:
        DOCKER_DRIVER: overlay2
        # host-side directory that receives the reports written to /report in the container
        SHARED_PATH: /builds/$CI_PROJECT_PATH/shared
      script:
        - mkdir -p ${SHARED_PATH}
        - docker run -v $CI_PROJECT_DIR:/src -v ${SHARED_PATH}:/report sfrod/exakat-ci:latest Laravel
      artifacts:
        # keep the reports even when the job fails
        when: always
        paths:
          - /builds/$CI_PROJECT_PATH/shared/*
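The local steps in section 1 and the CI stage above both come down to the same `docker run` line plus a check that a report actually came out. The following POSIX sh wrapper is an added example, not part of the sfrod/exakat-ci project: `run_exakat` assembles that line (and refuses a relative project path, which Docker would treat as a named volume rather than a bind mount, as step 3 shows), and `check_report` is a gate a CI job can run afterwards so the job fails when the expected report is missing or empty instead of silently shipping nothing. The function names and the `DRY_RUN` variable are hypothetical; the image name and the `Ext_<Framework>_report.txt` convention come from the page.

```shell
#!/bin/sh
# Added example around the sfrod/exakat-ci container (not the project's own code).
# run_exakat and check_report are hypothetical helper names.

IMAGE="sfrod/exakat-ci:latest"

# run_exakat PROJECT_DIR REPORT_TARGET [FRAMEWORK]
#   PROJECT_DIR    absolute path of the PHP source tree (mounted at /src/)
#   REPORT_TARGET  absolute host directory or a Docker volume name (mounted at /report/)
#   FRAMEWORK      optional framework name, e.g. Laravel
# With DRY_RUN=1 the command is printed instead of executed (used for testing).
run_exakat() {
  project_dir="$1"
  report_target="$2"
  framework="${3:-}"

  # A relative path would be taken by docker as a volume name, not a bind mount.
  case "$project_dir" in
    /*) ;;
    *) echo "project path must be absolute: $project_dir" >&2; return 1 ;;
  esac
  [ -d "$project_dir" ] || { echo "no such directory: $project_dir" >&2; return 1; }

  # An absolute report target is a bind mount: create it so reports land on the host
  # (same as the "mkdir reports" / "mkdir -p ${SHARED_PATH}" steps on the page).
  case "$report_target" in
    /*) mkdir -p "$report_target" || return 1 ;;
  esac

  set -- docker run -v "$project_dir:/src/" -v "$report_target:/report/" "$IMAGE"
  if [ -n "$framework" ]; then
    set -- "$@" "$framework"
  fi

  if [ "${DRY_RUN:-0}" = 1 ]; then
    printf '%s\n' "$*"
  else
    "$@"
  fi
}

# check_report REPORT_DIR [FRAMEWORK]
# With a framework, require a non-empty Ext_<Framework>_report.txt; without one,
# require that at least one report file was written. Returns 1 otherwise, so a CI
# job that calls it fails instead of passing with no analysis output.
check_report() {
  report_dir="$1"
  framework="${2:-}"
  if [ -n "$framework" ]; then
    report="$report_dir/Ext_${framework}_report.txt"
    [ -s "$report" ] || { echo "missing or empty report: $report" >&2; return 1; }
  else
    [ -n "$(ls -A "$report_dir" 2>/dev/null)" ] \
      || { echo "no reports written to $report_dir" >&2; return 1; }
  fi
  return 0
}

# Usage in a Gitlab job script (the variables are the ones from the stage above):
#   run_exakat "$CI_PROJECT_DIR" "$SHARED_PATH" Laravel
#   check_report "$SHARED_PATH" Laravel
```

Because `artifacts: when: always` keeps the report directory even on failure, combining the gate with the stage above means a missing report fails the job while whatever Exakat did write is still downloadable for inspection.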

Disclaimer

This is an unofficial build and my attempt to build an Exakat container to integrate it as a Static Application Security Testing (SAST) stage in a Gitlab CI/CD Pipeline workflow.