GitLab CI
There are two ways to set up Security Pipeline. One is to use it without cloning, and the other is to use it within your corporate GitLab.
Pipelines usage without cloning
Set the following environment variables in the GitLab group where your repositories are located:
SEC_PORTAL_KEY: This is the authentication API token for the AppSec Portal. You can find it on the Personal Info page (requires authorization, see this page for more information).
SEC_DD_KEY and SEC_DD_URL: These are used if you want to integrate with DefectDojo. You can get the token from your DefectDojo instance.
SEC_MOBILE_MOBSF_URL: This is used if you want to use an external MobSF (Mobile Security Framework).
Once you have set up these variables, you can trigger the pipelines.
Pipelines usage in corporate GitLab
Setup
Create a shared group in your corporate GitLab.
Create a project in the shared group.
Push the project content to your project.
Edit the common/variables.yml file with the proper URLs in SEC_DD_URL and SEC_MOBILE_MOBSF_URL (if you want to use an external MobSF).
Edit the SEC_PATH_TO_IMAGES variable in common/variables.yml (this variable should point to the project path to the security images project).
Add the same value to the pipelines.yml file to set the .image include directive properly. We will remove this step later. (image:$CI_REGISTRY/whitespots-public/security-images/toolset:latest)
Set the following environment variables in the GitLab group where your repositories are located:
SEC_PORTAL_KEY: This is the authentication API token for the AppSec Portal. You can find it on the Personal Info page (requires authorization, see this page for more information).
SEC_DD_KEY: used for DefectDojo integration. You can get the token from your DefectDojo instance.
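A pre-flight check for the variables listed above, as an added example that is not part of the Whitespots pipelines: it reports a missing or half-configured variable at the start of a job and never prints a token value. The function name sec_preflight, the rule that SEC_DD_KEY and SEC_DD_URL must be set together, and the https-only policy are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not the project's own code. Variable names come from this
# page; the validation rules are assumptions of the example.
# In a job script, call it first:  sec_preflight || exit 1

# Prints one line per problem (names only, never values) and returns
# 0 only when no problem was found.
sec_preflight() {
    problems=0

    # The AppSec Portal API token is needed in both setups.
    if [ -z "${SEC_PORTAL_KEY:-}" ]; then
        echo "SEC_PORTAL_KEY is not set"
        problems=$((problems + 1))
    fi

    # DefectDojo is optional, but a key without a URL (or the reverse)
    # leaves the integration half configured.
    if [ -n "${SEC_DD_KEY:-}" ] && [ -z "${SEC_DD_URL:-}" ]; then
        echo "SEC_DD_KEY is set but SEC_DD_URL is empty"
        problems=$((problems + 1))
    elif [ -z "${SEC_DD_KEY:-}" ] && [ -n "${SEC_DD_URL:-}" ]; then
        echo "SEC_DD_URL is set but SEC_DD_KEY is empty"
        problems=$((problems + 1))
    fi

    # Optional service URLs: an empty value means "integration not used".
    # Assumed policy: require https so that tokens sent to these services
    # do not cross the network in clear text.
    for name in SEC_DD_URL SEC_MOBILE_MOBSF_URL; do
        eval "value=\${$name:-}"
        case "$value" in
            "") ;;
            *" "*) echo "$name contains a space"
                   problems=$((problems + 1)) ;;
            https://?*) ;;
            http://?*) echo "$name uses plain http"
                       problems=$((problems + 1)) ;;
            *) echo "$name is not an http(s) URL"
               problems=$((problems + 1)) ;;
        esac
    done

    [ "$problems" -eq 0 ]
}
```
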
If you have any issues during installation or have any questions about using our pipelines, don't hesitate to reach out to our support team at sales@whitespots.io ❤️.