From b770feabdbb7eef2fef31fba5a23578cfb26b531 Mon Sep 17 00:00:00 2001
From: Sven Kubiak
Date: Tue, 28 Jun 2022 10:14:04 +0000
Subject: [PATCH] Configure Secret Detection in `.gitlab-ci.yml`, creating this file if it does not already exist
---
 .gitlab-ci.yml | 33 +++++++++++++++++++--------------
 1 file changed, 19 insertions(+), 14 deletions(-)
diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index 7c143ea..f9b33f3 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -1,32 +1,37 @@ +# You can override the included template(s) by including variable overrides +# SAST customization: https://docs.gitlab.com/ee/user/application_security/sast/#customizing-the-sast-settings +# Secret Detection customization: https://docs.gitlab.com/ee/user/application_security/secret_detection/#customizing-settings +# Dependency Scanning customization: https://docs.gitlab.com/ee/user/application_security/dependency_scanning/#customizing-the-dependency-scanning-settings +# Container Scanning customization: https://docs.gitlab.com/ee/user/application_security/container_scanning/#customizing-the-container-scanning-settings +# Note that environment variables can be set in several places +# See https://docs.gitlab.com/ee/ci/variables/#cicd-variable-precedence image: maven:3.8.4-openjdk-17 - stages: - - test - - sonar - - owasp - +- test +- sonar +- owasp variables: - MAVEN_OPTS: "-Dhttps.protocols=TLSv1.2 -Dmaven.repo.local=.m2/repository -Dorg.slf4j.simpleLogger.log.org.apache.maven.cli.transfer.Slf4jMavenTransferListener=WARN -Dorg.slf4j.simpleLogger.showDateTime=true -Djava.awt.headless=true" - MAVEN_CLI_OPTS: "--batch-mode --errors --fail-at-end --show-version -DinstallAtEnd=true -DdeployAtEnd=true" - + MAVEN_OPTS: "-Dhttps.protocols=TLSv1.2 -Dmaven.repo.local=.m2/repository -Dorg.slf4j.simpleLogger.log.org.apache.maven.cli.transfer.Slf4jMavenTransferListener=WARN + -Dorg.slf4j.simpleLogger.showDateTime=true -Djava.awt.headless=true" + MAVEN_CLI_OPTS: "--batch-mode --errors --fail-at-end --show-version -DinstallAtEnd=true + -DdeployAtEnd=true" cache: paths: - - .m2/repository - + - ".m2/repository" owasp: stage: owasp script: - mvn $MAVEN_CLI_OPTS -Denforcer.skip clean dependency-check:check only: - schedules - test: stage: test script: mvn $MAVEN_CLI_OPTS clean verify - sonar: stage: sonar - script: - - mvn $MAVEN_CLI_OPTS clean verify sonar:sonar --settings settings.xml + script: + - mvn $MAVEN_CLI_OPTS clean verify sonar:sonar --settings 
settings.xml only: - master +include: +- template: Security/Secret-Detection.gitlab-ci.yml
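Review bot: The `include:` of `Security/Secret-Detection.gitlab-ci.yml` added at the end of this hunk is left at its defaults, and with those the scan most likely covers only newly pushed commits, so credentials already present in the repository's history would not be reported. If that history has never been scanned, a one-off pipeline run with the documented override `SECRET_DETECTION_HISTORIC_SCAN: "true"` is worth doing before relying on the job. The template's job is also, as far as I recall, allowed to fail and only publishes a report artifact, so a finding will not stop the later `sonar` stage; a short comment above `include:` such as `# secret_detection runs in the test stage; findings are reported, not enforced - review the report` would make that explicit. The re-wrapped `MAVEN_OPTS` and `MAVEN_CLI_OPTS` values stay inside double quotes, where the line break folds to a single space, so they should be unchanged.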