Integrate with GitLab

The Sysdig Vulnerability CLI scanner does not write GitLab's security report format by default. Use the translator tool below to convert the Sysdig CLI scanner output into GitLab's container scanning report format so that GitLab renders the findings automatically in its vulnerability report and merge request widget.


Have the following ready:

Run in GitLab

The job below builds the image, runs the Sysdig CLI Scanner, translates the output into GitLab's container scanning format, and uploads the result as a report artifact.

In GitLab, add the following to your .gitlab-ci.yml file:

stages:          # List of stages for jobs, and their order of execution
  - scan

sysdig-cli-scanner:                       # Job name; any name works
  stage: scan
  script:                                 # The runner must have access to Docker (the socket is mounted below)
    - docker build -t image-to-scan .     # Build the image to scan
    - touch gitlab-report.json            # Create the report file first, so the bind mount below maps a file, not a directory
                                          # Run the scanner and translator. The translator image name belongs between
                                          # --rm and image-to-scan; it is not shown on this page.
    - docker run -e SECURE_API_TOKEN=$SECURE_API_TOKEN -e SECURE_URL=$SYSDIG_SECURE_ENDPOINT -v /var/run/docker.sock:/var/run/docker.sock -v "$(pwd)"/gitlab-report.json:/gitlab-report.json --rm image-to-scan
  allow_failure: true                     # Scanner findings or errors mark the job as a warning, not a failure
  artifacts:
    reports:
      container_scanning: gitlab-report.json # Upload the report so GitLab parses it as a container scanning report

  • SECURE_API_TOKEN: your Sysdig Secure API token. Define it as a masked CI/CD variable named SECURE_API_TOKEN; never commit it to the repository or echo it in job logs.
  • SECURE_URL: your Sysdig Secure URL. The job reads it from the CI/CD variable SYSDIG_SECURE_ENDPOINT and passes it into the container as SECURE_URL.

Two points to keep in mind. With allow_failure: true the pipeline succeeds even when the scan fails its policy or the scanner itself errors out; findings still appear in the merge request widget, but nothing blocks the merge. Drop allow_failure (or gate on the scanner's exit status) if the scan is meant to be enforced. Mounting /var/run/docker.sock hands the job control of the runner's Docker daemon, which is equivalent to root on the runner host, so run this job only on runners you trust with that access.
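As an added example (not Sysdig's translator tool and not part of the pipeline above), the following Python shows what the translation step has to produce: a report in GitLab's container_scanning format, plus a check worth running before the artifact is uploaded and a severity count that can gate the job independently of allow_failure. SAMPLE_SCAN is a constructed, simplified input structure and is not the real CLI scanner output format; the CVE IDs are real but the package versions and the tool metadata strings are placeholders.

```python
"""Build and sanity-check a GitLab container_scanning report.

Added example, not Sysdig's translator. SAMPLE_SCAN is a constructed stand-in
for a scanner's JSON output (assumed shape); the output follows the fields of
GitLab's security report schema used by artifacts:reports:container_scanning.
"""
import json
from datetime import datetime, timezone

# GitLab's fixed severity vocabulary; anything unmapped becomes "Unknown".
SEVERITY_MAP = {
    "critical": "Critical", "high": "High", "medium": "Medium",
    "low": "Low", "negligible": "Info", "info": "Info", "unknown": "Unknown",
}
SEVERITY_RANK = ["Info", "Unknown", "Low", "Medium", "High", "Critical"]

# Constructed sample scan (assumed shape, not the real CLI scanner format).
# CVE IDs are real; package versions are illustrative only.
SAMPLE_SCAN = {
    "image": "image-to-scan:latest",
    "os": "ubuntu 22.04",
    "packages": [
        {"name": "libssl3", "version": "3.0.2-0ubuntu1.6",
         "vulns": [{"id": "CVE-2023-0286", "severity": "High",
                    "fixedIn": "3.0.2-0ubuntu1.8",
                    "description": "X.400 address type confusion in X.509 GeneralName"}]},
        {"name": "requests", "version": "2.25.1",
         "vulns": [{"id": "CVE-2023-32681", "severity": "medium", "fixedIn": None,
                    "description": "Proxy-Authorization header leaked on redirect"}]},
    ],
}

REQUIRED_TOP = ("version", "scan", "vulnerabilities")
REQUIRED_SCAN = ("analyzer", "scanner", "type", "start_time", "end_time", "status")
REQUIRED_VULN = ("id", "name", "description", "severity", "identifiers", "location")


def gitlab_severity(raw):
    """Map a scanner severity string onto GitLab's fixed vocabulary."""
    return SEVERITY_MAP.get(str(raw).strip().lower(), "Unknown")


def to_gitlab_report(scan, start_time, end_time):
    """Translate the constructed scan structure into a container_scanning report."""
    vulnerabilities = []
    for pkg in scan["packages"]:
        for v in pkg["vulns"]:
            fixed = v.get("fixedIn")
            vulnerabilities.append({
                # id must be unique per finding: one CVE can hit several packages.
                "id": f"{v['id']}:{pkg['name']}:{pkg['version']}",
                "name": v["id"],
                "description": v.get("description", ""),
                "severity": gitlab_severity(v.get("severity")),
                "solution": f"Upgrade {pkg['name']} to {fixed}" if fixed else "No fixed version available",
                "identifiers": [{"type": "cve", "name": v["id"], "value": v["id"],
                                 "url": f"https://nvd.nist.gov/vuln/detail/{v['id']}"}],
                "location": {
                    "dependency": {"package": {"name": pkg["name"]}, "version": pkg["version"]},
                    "operating_system": scan["os"],
                    "image": scan["image"],
                },
            })
    # Hypothetical tool metadata; GitLab requires analyzer and scanner blocks.
    tool = {"id": "example-translator", "name": "Example translator",
            "version": "0.1.0", "vendor": {"name": "Example"}}
    return {
        "version": "15.0.6",
        "scan": {"analyzer": tool, "scanner": tool, "type": "container_scanning",
                 "start_time": start_time, "end_time": end_time, "status": "success"},
        "vulnerabilities": vulnerabilities,
    }


def report_problems(report):
    """Return missing/invalid required fields; an empty list means the report is well-formed.
    Run this before the artifact step: a malformed file yields no usable findings in GitLab."""
    problems = [f"missing top-level '{k}'" for k in REQUIRED_TOP if k not in report]
    if "scan" in report:
        problems += [f"missing scan.{k}" for k in REQUIRED_SCAN if k not in report["scan"]]
    seen = set()
    for i, v in enumerate(report.get("vulnerabilities", [])):
        problems += [f"vulnerabilities[{i}] missing '{k}'" for k in REQUIRED_VULN if k not in v]
        if v.get("severity") not in SEVERITY_RANK:
            problems.append(f"vulnerabilities[{i}] has invalid severity {v.get('severity')!r}")
        if v.get("id") in seen:
            problems.append(f"vulnerabilities[{i}] duplicates id {v['id']!r}")
        seen.add(v.get("id"))
    return problems


def count_at_or_above(report, threshold):
    """Count findings at or above a severity, to gate the job instead of relying on allow_failure."""
    floor = SEVERITY_RANK.index(threshold)
    return sum(1 for v in report["vulnerabilities"] if SEVERITY_RANK.index(v["severity"]) >= floor)


if __name__ == "__main__":
    now = datetime.now(timezone.utc).strftime("%Y-%m-%dT%H:%M:%S")
    rep = to_gitlab_report(SAMPLE_SCAN, now, now)
    with open("gitlab-report.json", "w") as fh:
        json.dump(rep, fh, indent=2)
    print(f"{len(rep['vulnerabilities'])} findings, {count_at_or_above(rep, 'High')} High or above; "
          f"problems: {report_problems(rep) or 'none'}")
```

The vulnerability id is built from CVE, package and version on purpose: GitLab deduplicates on id, so using the bare CVE would collapse one CVE found in two packages into a single finding. Loading the real gitlab-report.json with json.load and passing it to report_problems and count_at_or_above in a script step gives you a hard gate (exit non-zero above a threshold) that allow_failure does not provide.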

Test the Integration

To test the integration:

  1. Create a new project/repository in GitLab.
  2. Add a Dockerfile whose base image has known vulnerabilities. An older Ubuntu or UBI base image will do.
  3. Follow the instructions in Run in GitLab.
  4. Open a merge request.

GitLab triggers the pipeline, which builds the image, runs the scanner and generates the report automatically.

If you click on the report, you will see the following: