@PouyaEsmaeili
Last active June 4, 2024 10:56
Vulnerability Scanning in GitLab CI
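stages:
  - vulnerability-scanning

# Dependency scan: checks the packages listed in requirements.txt against the OSV database.
osv-scanner:
  stage: vulnerability-scanning
  image: golang
  before_script:
    - go install github.com/google/osv-scanner/cmd/osv-scanner@v1
  script:
    - osv-scanner -v
    - osv-scanner --lockfile=requirements.txt

# Container image scan. No image is set here, so the job runs on the runner's
# default image, which must provide curl and allow writing to /usr/local/bin.
grype-scanner:
  stage: vulnerability-scanning
  before_script:
    - curl -sSfL https://raw.githubusercontent.com/anchore/grype/main/install.sh | sh -s -- -b /usr/local/bin
  script:
    - grype version
    # <image> is a placeholder: replace it with the container image reference to scan.
    - grype <image> --scope all-layers --only-notfixed -v

# Secret detection with Yelp's detect-secrets: prints a JSON report of candidate secrets to the job log.
yelp-scanner:
  stage: vulnerability-scanning
  image: python
  before_script:
    - pip install detect-secrets
  script:
    - detect-secrets --version
    - detect-secrets scan

# Static analysis of the Python source tree.
bandit-scanner:
  stage: vulnerability-scanning
  image: python
  before_script:
    - pip install bandit
  script:
    - bandit -r .

# Secret detection over the repository with gitleaks, built from source.
# The build needs git, make and Go; the golang image provides all three,
# while the plain ubuntu image ships none of them.
gitleaks-scanner:
  stage: vulnerability-scanning
  image: golang
  before_script:
    - git clone https://github.com/gitleaks/gitleaks.git
    - cd gitleaks
    - make build
    - cd ..
  script:
    # make build leaves the binary inside the cloned directory, not on PATH.
    - ./gitleaks/gitleaks detect -v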