
Add CI/CD pipeline with security scanning

Description

This MR adds a comprehensive CI/CD pipeline with automated security scanning to the web-dashboard project.

Changes

  • Added .gitlab-ci.yml with build, test, and security stages
  • Enabled Dependency Scanning for npm packages
  • Enabled SAST (Static Application Security Testing) using Semgrep
  • Enabled Secret Detection to catch accidentally committed secrets
  • Configured caching for node_modules to speed up the pipeline
  • Added artifact retention for build outputs

Pipeline Stages

  1. Build: Compiles the React TypeScript application
  2. Test: Runs unit tests with coverage reporting
  3. Security: Runs dependency scanning, SAST, and secret detection
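The pipeline the Changes and Pipeline Stages sections describe, written out as an added example .gitlab-ci.yml rather than the file this MR actually adds; it assumes an npm project where `npm run build` writes to dist/, jest tests run with the text-summary coverage reporter, and the scanner job names are the ones the GitLab security templates define.

```yaml
# Added example, not the MR's actual file. Assumes: npm project where `npm run build`
# writes to dist/ and `npm test` runs jest with the text-summary coverage reporter.
stages:
  - build
  - test
  - security

# GitLab-maintained scanner templates (the SAST template runs Semgrep for JS/TS)
include:
  - template: Security/Dependency-Scanning.gitlab-ci.yml
  - template: Security/SAST.gitlab-ci.yml
  - template: Security/Secret-Detection.gitlab-ci.yml

default:
  image: node:20
  # Cache node_modules keyed on the lockfile so a dependency change invalidates it
  cache:
    key:
      files:
        - package-lock.json
    paths:
      - node_modules/

build:
  stage: build
  script:
    - npm ci
    - npm run build
  artifacts:
    paths:
      - dist/
    expire_in: 1 week   # retention window for build outputs

test:
  stage: test
  script:
    - npm ci
    - npm test -- --coverage
  # Extracts the line-coverage percentage from jest's text-summary output (assumed reporter)
  coverage: '/Lines\s*:\s*(\d+\.?\d*)%/'

# The templates place their jobs in the test stage; move them to the dedicated security
# stage. Job names are the ones the templates define (assumed current for this GitLab version).
semgrep-sast:
  stage: security

gemnasium-dependency_scanning:
  stage: security

secret_detection:
  stage: security
```

Secret Detection does not scan the full commit history by default, so secrets committed before this pipeline existed are not reported unless a one-off run with `SECRET_DETECTION_HISTORIC_SCAN: "true"` is added.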

Expected Security Findings

This pipeline will detect the vulnerable dependencies currently in package.json:

  • lodash 4.17.15 (CVE-2020-8203)
  • minimist 1.2.5 (CVE-2020-7598, CVE-2021-44906)
  • axios 0.21.1 (CVE-2023-45857)

These will be addressed in a follow-up MR.

Testing

  • Pipeline should trigger automatically on this MR
  • Build and test stages should pass
  • Security scans should detect known vulnerabilities

Closes #13

cc @sabrina @bill
