Integrate with GitLab
The output of the Sysdig Vulnerability CLI scanner is not compatible with GitLab by default. Use the translator tool below to convert the Sysdig CLI scanner output to the GitLab report format so that GitLab can generate its visual reports automatically.
Prerequisites
Have the following ready:
GitLab Ultimate
A Sysdig Secure API token. See Retrieve the Sysdig API Token.
The Sysdig Secure URL for your region. See SaaS Regions and IP Ranges.
Run in GitLab
The job below runs the Sysdig CLI Scanner, translates its output into the format GitLab accepts, and uploads the result to GitLab as a container scanning report.
In GitLab, add the following to your .gitlab-ci.yml file:

```yaml
stages: # List of stages for jobs, and their order of execution
  - scan

container_scanning:
  stage: scan
  script:
    - docker build -t image-to-scan . # Build the image to scan
    - touch gitlab-report.json # Create the report file
    # Run the scanner
    - docker run -e SECURE_API_TOKEN=$SECURE_API_TOKEN -e SECURE_URL=$SYSDIG_SECURE_ENDPOINT -v /var/run/docker.sock:/var/run/docker.sock -v "$(pwd)"/gitlab-report.json:/gitlab-report.json --rm quay.io/sysdig/gitlab-scanner:latest image-to-scan
  allow_failure: true
  artifacts:
    reports:
      container_scanning: gitlab-report.json # Upload the report as an artifact
```
SECURE_API_TOKEN: Use your Sysdig Secure API token.
SECURE_URL: Use your Sysdig Secure URL. The job above reads it from the $SYSDIG_SECURE_ENDPOINT CI variable.
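Because the job above sets `allow_failure: true`, scanner findings are reported but never block the pipeline. The following added script (example code, not part of Sysdig's or GitLab's tooling) reads the translated gitlab-report.json and exits non-zero when findings at or above a chosen severity exist, or when the file is still the empty placeholder created by `touch`, so it can run as a later gating step. It assumes the translated report follows the GitLab container scanning report shape with a `vulnerabilities` list whose entries carry a `severity` field; the sample report embedded below is constructed, not real scanner output.

```python
import json
import sys
from collections import Counter

# Severity names used by GitLab security reports, most severe first.
SEVERITY_ORDER = ["Critical", "High", "Medium", "Low", "Info", "Unknown"]

# Constructed sample in the shape of a GitLab container scanning report
# (assumption about the translator's output; not real scanner output).
SAMPLE_REPORT = json.dumps({
    "version": "15.0.4",
    "vulnerabilities": [
        {"id": "example-1", "severity": "Critical",
         "location": {"dependency": {"package": {"name": "libfoo"}, "version": "1.0"}}},
        {"id": "example-2", "severity": "High",
         "location": {"dependency": {"package": {"name": "libbar"}, "version": "2.3"}}},
        {"id": "example-3", "severity": "Low",
         "location": {"dependency": {"package": {"name": "libbaz"}, "version": "0.9"}}},
    ],
})


def count_by_severity(report_text):
    """Count findings per severity. An empty file (the placeholder left by
    `touch` when the scanner never wrote output) yields an empty Counter."""
    if not report_text.strip():
        return Counter()
    report = json.loads(report_text)
    return Counter(v.get("severity", "Unknown") for v in report.get("vulnerabilities", []))


def gate(report_text, threshold="High"):
    """Return (ok, reason). ok is False for an empty report or for any finding
    whose severity is at or above `threshold`, so the job can fail the pipeline."""
    if not report_text.strip():
        return False, "report is empty: the scanner did not produce output"
    counts = count_by_severity(report_text)
    blocking = SEVERITY_ORDER[: SEVERITY_ORDER.index(threshold) + 1]
    hits = {s: counts[s] for s in blocking if counts[s]}
    if hits:
        return False, f"findings at or above {threshold}: {hits}"
    return True, f"no findings at or above {threshold}; counts={dict(counts)}"


if __name__ == "__main__":
    # Usage: python gate.py gitlab-report.json [Critical|High|Medium|Low]
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_REPORT
    ok, reason = gate(text, sys.argv[2] if len(sys.argv) > 2 else "High")
    print(reason)
    sys.exit(0 if ok else 1)
```

Run it in a second stage after the scan job, with `gitlab-report.json` passed as an artifact, and leave `allow_failure` unset on that stage so a failing gate blocks the merge request.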
Test the Integration
To test the integration:
- Create a new project/repository in GitLab.
- Add a Dockerfile whose base image has known vulnerabilities. Any Ubuntu or UBI image will do the trick.
- Follow the instructions in Run in GitLab.
- Make a merge request.
GitLab triggers the pipeline automatically: the job builds the image, runs the scanner, and generates the report.
Click the report to see the vulnerabilities found in the image.