Skip to main content

Example: Scan integration with GitLab

Review the Scan integration steps before you integrate Scan with GitLab.

This example shows how to set up a GitLab pipeline for these actions:

Pulling code from a repository.
This action might not be necessary if you're using GitLab as a code repository.
Building the code
Scanning a generated JAR file.

Pipeline setup example

This sample YAML file shows the steps to set up the GitLab pipeline.

stages:          # List of stages for jobs, and their order of execution
  - pull
  - build
  - scan
#   - deploy

pull:
  stage: pull
  artifacts:
    paths:
    - WebGoat
  script:
    - git clone -b main https://github.com/WebGoat/WebGoat.git

build:
  stage: build
  image: maven:3.8.1-openjdk-17-slim
  artifacts:
    paths:
    - $CI_PROJECT_DIR
  dependencies:
    - pull
  script:
    - ls -l /tmp
    - cd WebGoat
    - mvn -DskipTests clean install

scan:         # This is the step for Contrast Scan
  stage: scan
  image: node:18.19-slim
  dependencies:
    - build
  script:
    - ls -la
    - npm install -g @contrast/contrast@latest
    - contrast version
    - contrast auth --api-key $API_KEY --authorization $AUTH --organization-id $ORG_ID --host $URL
    - contrast scan -f $CI_PROJECT_DIR/WebGoat/target/webgoat-2023.7.jar --fail --severity high

deploy: #TODO

In this section:

Was this helpful?

Would you like to provide feedback? Just click here to suggest edits.