The Wikimedia Security-Team would like to design and build certain components of a modern application security pipeline within the Wikimedia instance of Gitlab (https://gitlab.wikimedia.org/). A small (though important) amount of security-related tooling already runs in the context of Gerrit (LibUp, phan-taint-check-plugin). We would like to expand on these tools by creating a single repository in which various security-related .gitlab-ci.yml templates would live and from which relevant repositories would include them via Gitlab's modular CI design. These included CI templates would make use of many of Wikimedia's existing Docker images and provide security-related tools (npm audit, etc.) to be run during various Gitlab CI/CD pipelines and potentially via additional automated and manual triggers.
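As an added illustration of the modular design described above (example configuration written for this page, not code from the Wikimedia Security-Team's repository), the sketch below shows how a shared template repository and a consuming repository would fit together. The project path `<group>/gitlab-ci-security-templates`, the template file name `templates/npm-audit.yml`, and the Docker image name are placeholders and assumptions for the example; `include:project`, `extends`, `rules:exists` and `artifacts:when` are standard GitLab CI keywords.

```yaml
# --- File 1: templates/npm-audit.yml in the shared template repository
#     (assumed path: <group>/gitlab-ci-security-templates) ---
#
# A hidden job (leading dot) so that merely including this file runs nothing;
# consuming repositories opt in with `extends`.
.security-npm-audit:
  stage: test
  # Placeholder for one of Wikimedia's existing Node images; any image with npm works.
  image: docker-registry.wikimedia.org/<node-image>:<tag>
  variables:
    # Gate on high and critical advisories; a consuming repo can override this.
    NPM_AUDIT_LEVEL: "high"
  script:
    # Keep a machine-readable report even when the gate fails (the `|| true`
    # only applies to the report run), then run the gating audit itself, which
    # exits non-zero when advisories at or above the threshold are found.
    - npm audit --json --audit-level="$NPM_AUDIT_LEVEL" > npm-audit.json || true
    - npm audit --audit-level="$NPM_AUDIT_LEVEL"
  artifacts:
    # Upload the report for failed runs too, so triage does not need a rerun.
    when: always
    paths:
      - npm-audit.json
    expire_in: 1 week
  rules:
    # Only schedule the job where there is a lockfile to audit.
    - exists:
        - package-lock.json

---
# --- File 2: .gitlab-ci.yml in a consuming repository ---
include:
  - project: <group>/gitlab-ci-security-templates   # assumed path
    ref: main                                        # pin to a tag for reproducible pipelines
    file: templates/npm-audit.yml

stages:
  - test

npm-audit:
  extends: .security-npm-audit
  # Example per-repository override: report only, without blocking merges,
  # while the repository works through its existing advisories.
  allow_failure: true
```

The hidden-job-plus-`extends` pattern keeps the shared repository in control of the tool invocation and its defaults, while each consuming repository decides only whether the job runs and whether it blocks the pipeline. Pinning `ref` to a tag rather than `main` is the usual trade-off between getting template updates automatically and keeping pipelines reproducible.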
Description