diff --git a/CHANGELOG.md b/CHANGELOG.md
index f11f7ce..71ead97 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,3 +1,5 @@
+## v2.1.0
+### feat: Update options with latest enhancements
 ## v2.0.2
 ### fix: Bump version
 ## v2.0.1
diff --git a/README.md b/README.md
index 65c4df6..664109e 100644
--- a/README.md
+++ b/README.md
@@ -41,9 +41,11 @@ seqra-job:
     # Relative path to the root of the analyzed project
     PROJECT_ROOT: "."
     # Tag of seqra release
-    SEQRA_VERSION: "v2.0.2"
-    # Relative path to rules. If set RULES_REPOSITORY not used
-    RULES_PATH: ""
+    SEQRA_VERSION: "v2.1.0"
+    # Comma-separated paths to rule files or directories (e.g., "rules/custom.yml,rules/extra")
+    RULES_PATH: "builtin"
+    # Comma-separated severity levels to report: note, warning, error
+    SEVERITY: "warning,error"
     # Scan timeout
     TIMEOUT: "15m"
 ```
diff --git a/seqra.gitlab-ci.yml b/seqra.gitlab-ci.yml
index 124897a..167018b 100644
--- a/seqra.gitlab-ci.yml
+++ b/seqra.gitlab-ci.yml
@@ -10,9 +10,11 @@
     # Relative path to the root of the analyzed project
     PROJECT_ROOT: "."
     # Tag of seqra release
-    SEQRA_VERSION: "v2.0.2"
-    # Relative path to rules. If set RULES_REPOSITORY not used
-    RULES_PATH: ""
+    SEQRA_VERSION: "v2.1.0"
+    # Comma-separated paths to rule files or directories (e.g., "rules/custom.yml,rules/extra")
+    RULES_PATH: "builtin"
+    # Comma-separated severity levels to report: note, warning, error
+    SEVERITY: "warning,error"
     # Scan timeout
     TIMEOUT: "15m"
   script:
@@ -41,9 +43,15 @@
     - |
       cmd="$SEQRA_ARTIFACTS/seqra scan --quiet"
-      if [ -n "$RULES_PATH" ]; then
-        cmd="$cmd --ruleset $RULES_PATH"
-      fi
+      IFS=',' read -ra rulesets <<< "$RULES_PATH"
+      for ruleset in "${rulesets[@]}"; do
+        cmd="$cmd --ruleset $ruleset"
+      done
+
+      IFS=',' read -ra severities <<< "$SEVERITY"
+      for severity in "${severities[@]}"; do
+        cmd="$cmd --severity $severity"
+      done
       cmd="$cmd --timeout $TIMEOUT"
       cmd="$cmd --output analysis_results/seqra.sarif $SEQRA_ARTIFACTS/project"
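Review bot: The new default `SEVERITY: "warning,error"` in the variables hunk of seqra.gitlab-ci.yml silently narrows what the scan reports compared with v2.0.2, which passed no `--severity` flag at all (the removed `if` block in the script hunk only ever added `--ruleset`), so pipelines that upgrade will stop seeing `note`-level findings in the SARIF unless they opt back in, and the comment should say so: `# Comma-separated severity levels to report (note, warning, error). The default drops note findings; set "note,warning,error" to report everything`. The comment on `RULES_PATH` describes the value as paths, yet the default `builtin` is not a path and appears to be a keyword selecting the bundled rules; if so, the comment should name it explicitly, e.g. `# "builtin" selects the bundled rules; otherwise comma-separated paths to rule files or directories`. Since the script expands each entry unquoted (`cmd="$cmd --ruleset $ruleset"`), a path containing whitespace will be word-split into separate arguments, so the comment should also state that entries must not contain spaces, or the script should quote each `$ruleset` and `$severity` when appending. The removed comment documented that a non-empty `RULES_PATH` disabled `RULES_REPOSITORY`; the new comment drops that note without saying whether `RULES_REPOSITORY` is still honored, which is worth stating one way or the other.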