From 8a859082cdee94811bd7a413a39b6fcfdd1dd2ac Mon Sep 17 00:00:00 2001
From: Atanas Janeshliev
Date: Mon, 29 Apr 2024 13:39:00 +0200
Subject: [PATCH] ci: added gitleaks and grype
---
 .gitlab-ci.yml | 14 ++++++++++++--
 1 file changed, 12 insertions(+), 2 deletions(-)
diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index ba8d8f7f..1b3f40a7 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -25,10 +25,14 @@ variables:
 GOMAXPROCS: $(( ${CI_TAG_CPU} / 2 ))
 before_script:
- - apt update && apt-get -y install libsecret-1-dev
- - git config --global url.https://gitlab-ci-token:${CI_JOB_TOKEN}@${CI_SERVER_HOST}.insteadOf https://${CI_SERVER_HOST}
+ - |
+ if [ "$CI_JOB_NAME" != "grype-scan-code-dependencies" ]; then
+ apt update && apt-get -y install libsecret-1-dev
+ git config --global url.https://gitlab-ci-token:${CI_JOB_TOKEN}@${CI_SERVER_HOST}.insteadOf https://${CI_SERVER_HOST}
+ fi
 stages:
+ - analyse
 - test
 - build
@@ -38,4 +42,10 @@ include:
 - local: ci/env.yml
 - local: ci/test.yml
 - local: ci/build.yml
+ - component: gitlab.protontech.ch/proton/devops/cicd-components/devsecops/gitleaks/scan-repository@~latest
+ inputs:
+ stage: analyse
+ - component: gitlab.protontech.ch/proton/devops/cicd-components/devsecops/grype/scan-code@0.0.12
+ inputs:
+ stage: analyse
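Review bot: The guard in `before_script` matches the literal job name `grype-scan-code-dependencies`, which this file does not define; it presumably comes from the grype component included in the second hunk. If a later component version renames that job, the comparison quietly stops matching and the job runs the `apt` install and the token-bearing `git config` rewrite again, with nothing pointing at the cause. Overriding the hook on the job itself, `grype-scan-code-dependencies:` with `before_script: []`, keeps the global hook unconditional and should turn a rename into a pipeline validation error instead of a silent behaviour change. The gitleaks job added by the same commit is not excluded, so it is worth confirming that it either needs this setup or overrides `before_script` inside the component.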
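Review bot: The gitleaks component is included at `@~latest`, a floating reference, while the grype component in the next entry is pinned to `0.0.12`. With `~latest`, the job definition that runs in this pipeline, with access to the repository and the job's CI variables, changes whenever a new component release is published, without any commit in this repository recording it. Pinning it the same way as grype, e.g. `scan-repository@<PINNED_VERSION>` (placeholder; use a released version or a commit SHA), keeps scanner updates reviewable and the pipeline reproducible. Whether findings in the `analyse` stage fail the pipeline is decided inside the components and is not visible in this diff, so that is worth confirming as well.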