GitLab CI template for Test SSL
This project implements a generic GitLab CI template for TLS/SSL compliance testing using Test SSL.
In order to include this template in your project, add the following to your
```yaml
include:
  - project: 'to-be-continuous/testssl'
    ref: '2.0.1'
    file: '/templates/gitlab-ci-testssl.yml'
```

This job does not fail unless there is a technical problem while scanning your endpoint. This means you have to read the tool report in GitLab, or download the report, to properly assess whether the security level of your endpoint is correct. You can use the DTSI variant, which will fail on non-compliance with DTSI rules.
This job performs a TLS/SSL compliance analysis on a given server.
It uses the following variables:
||The Docker image used to run Test SSL||
||Test SSL command-line options||
||Server url to test TLS/SSL against||none (auto evaluated: see below)|
test url auto evaluation
By default, the Test SSL template tries to auto-evaluate the server URL to test by looking either for a
$environment_url variable or for an
Therefore, if an upstream job in the pipeline deployed your code to a server and propagated the deployed server URL, either through a dotenv variable or through a basic environment_url.txt file, then Test SSL will automatically be run on this server.
All our deployment templates implement this design. Therefore even purely dynamic environments (such as review environments) will automatically be propagated to your Test SSL tests.
If you're not using a smart deployment job, you may still explicitly declare the TESTSSL_URL variable (but that will unfortunately be hardcoded to a single server).
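The fragment below is an added example, not part of the template or its documentation. It shows how a custom deployment job can propagate its server URL in both ways described above so that the Test SSL job picks it up. The job name, stage, `deploy.sh` script, `deploy.env` file name and the `review.example.com` host are assumptions, and the Test SSL job is assumed to run in a later stage than the deployment job.

```yaml
include:
  - project: 'to-be-continuous/testssl'
    ref: '2.0.1'
    file: '/templates/gitlab-ci-testssl.yml'

# Hypothetical deployment job: name, stage, script and URL are assumptions.
# Its stage must come before the stage of the Test SSL job so that the
# artifacts below are downloaded by that job.
deploy-review:
  stage: deploy
  script:
    # Hypothetical deployment script for a dynamic review environment.
    - ./deploy.sh "$CI_COMMIT_REF_SLUG"
    # Constructed URL of the endpoint that was just deployed.
    - DEPLOYED_URL="https://${CI_COMMIT_REF_SLUG}.review.example.com"
    # Option 1: dotenv variable. GitLab injects it as $environment_url
    # into jobs of later stages.
    - echo "environment_url=${DEPLOYED_URL}" > deploy.env
    # Option 2: basic text file holding only the URL.
    - echo "${DEPLOYED_URL}" > environment_url.txt
  artifacts:
    reports:
      dotenv: deploy.env
    paths:
      - environment_url.txt

# Static alternative when no deployment job propagates the URL:
# the scan is then pinned to this single (constructed) server.
# variables:
#   TESTSSL_URL: "https://www.example.com"
```

Either option alone is enough. Whichever value the deployment job writes is the endpoint that gets scanned, so it should be produced by the deployment itself rather than taken from user-controlled input.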
This template is actually tested and validated on GitLab Community Edition instance version 13.12.11