Skip to main content

CI secret scanning for GitLab

Maurice Evans
  • Updated

To configure CI secret scanning for GitLab, you will need to create two pipeline variables and create or add to your yaml pipeline script.

Note, this CL integration supports merge requests.

Create Variables:

The following two pipeline variables need to be created whether you are creating a new pipeline or using an existing pipeline:

Name: BLUBRACKET_INTEGRATION_KEY

Value: Create a BluBracket Integration API token

Steps to create a BluBracket API token:
https://support.blubracket.com/hc/en-us/articles/4403018405140-Event-and-Alert-APIs

Name: BLUBRACKET_CI_CD_API

Value: https://[your BluBracket tenant name]/api/analyzer/commit/scan
Example: https://acme.blubracket.com/api/analyzer/commit/scan

Pipeline Script:
The following should be added to your pipeline script:

secret-scan:
  # Use the official docker image.
  image: docker:latest
  stage: build
  services:
    - docker:dind
  script:
    - |
      set -ex
      env
      docker run \
        -e SYSTEM_PULLREQUEST_PULLREQUESTNUMBER="$CI_MERGE_REQUEST_IID" \
        -e BLUBRACKET_CI_CD_API="$BLUBRACKET_CI_CD_API" \
        -e BLUBRACKET_CI_CD_TOKEN="$BLUBRACKET_INTEGRATION_KEY" \
        -e BUILD_REPOSITORY_URI="$CI_PROJECT_URL" \
        blubracket/ci-cd-scan:latest
  rules:
    - if: '$CI_PIPELINE_SOURCE == "merge_request_event"'

 

Related articles

Comments

0 comments

Please sign in to leave a comment.

Powered by Zendesk