Example: Scan integration with GitLab

Review the Scan integration steps before you integrate Scan with GitLab.

This example shows how to set up a GitLab pipeline for these actions:

  • Pulling code from a repository.

    This action might not be necessary if you're using GitLab as a code repository.

  • Building the code.

  • Scanning a generated JAR file.

Pipeline setup example

This sample YAML file shows the steps to set up the GitLab pipeline.

stages:          # List of stages for jobs, and their order of execution
  - pull
  - build
  - scan
#   - deploy

pull:
  stage: pull
  artifacts:
    paths:
    - WebGoat
  script:
    - git clone -b main https://github.com/WebGoat/WebGoat.git

build:
  stage: build
  image: maven:3.8.1-openjdk-17-slim
  artifacts:
    paths:
    - $CI_PROJECT_DIR
  dependencies:
    - pull
  script:
    - apt-get update && apt-get install -y jq
    # Look up the latest contrast-agent version on Maven Central
    - VERSION=$(curl --fail --silent "https://search.maven.org/solrsearch/select?q=g:"com.contrastsecurity"&a:"contrast-agent"&rows=20&wt=json" | jq -r '.response.docs[0].latestVersion')
    # Download that agent JAR; --fail stops the job on an HTTP error instead of saving the error page as the JAR
    - curl --fail --silent https://repo1.maven.org/maven2/com/contrastsecurity/contrast-agent/${VERSION}/contrast-agent-${VERSION}.jar -o /tmp/contrast.jar
    - ls -l /tmp
    - cd WebGoat
    # Attach the Contrast agent to the Maven build; the AGENT_* values are read from CI/CD variables
    - export MAVEN_OPTS="-javaagent:/tmp/contrast.jar -Dcontrast.api.url=$AGENT_URL -Dcontrast.api.api_key=$AGENT_API_KEY -Dcontrast.api.service_key=$AGENT_SERVICE_KEY -Dcontrast.api.user_name=$AGENT_USER_NAME -Dcontrast.agent.java.standalone_app_name=Webgoat-gitlab -Dcontrast.server.name=Gitlab -Dcontrast.application.version=$CI_COMMIT_SHORT_SHA"
    - mvn -DskipTests clean install

scan:         # This is the step for Contrast Scan
  stage: scan
  image: node:18.19-slim
  dependencies:
    - build
  script:
    - ls -la
    - npm install -g @contrast/contrast@2
    - contrast version
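    # API_KEY, AUTH, ORG_ID and URL are read from CI/CD variables; mask them in the GitLab project settings so they do not appear in job logs
    - contrast auth --api-key "$API_KEY" --authorization "$AUTH" --organization-id "$ORG_ID" --host "$URL"
    # --fail with --severity high fails the job when the scan reports findings of high severity
    - contrast scan -f "$CI_PROJECT_DIR/WebGoat/target/webgoat-2023.7.jar" --fail --severity high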

# deploy:  # TODO: left commented out, like the deploy stage above, so the pipeline stays valid
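
The build job above downloads whichever agent version the search API reports as latest and loads it into Maven as a -javaagent. As an added example (not part of the original page or of Contrast's own documentation), these shell helpers pin the agent to a reviewed version and SHA-256 digest before it is used; the function names and the AGENT_VERSION and AGENT_SHA256 CI/CD variables are assumptions.

```shell
#!/bin/sh
# Added example. Function names and the AGENT_VERSION / AGENT_SHA256
# variables are hypothetical; sha256sum (coreutils) is assumed to be present.
# In the build job: fetch_agent "$AGENT_VERSION" "$AGENT_SHA256" /tmp/contrast.jar

# Accept only dotted numeric versions (constructed sample: 1.2.3) so a value
# taken from a variable or API response cannot alter the download URL path.
valid_version() {
  case "$1" in
    ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    *) return 0 ;;
  esac
}

# Build the Maven Central URL used by the build job for a validated version.
agent_url() {
  valid_version "$1" || return 1
  printf 'https://repo1.maven.org/maven2/com/contrastsecurity/contrast-agent/%s/contrast-agent-%s.jar\n' "$1" "$1"
}

# Compare a file's SHA-256 with the pinned digest; non-zero on any mismatch.
verify_sha256() {
  file=$1
  expected=$2
  [ -f "$file" ] || return 1
  actual=$(sha256sum "$file" | cut -d' ' -f1)
  [ "$actual" = "$expected" ]
}

# Download, then verify. A file that fails verification is deleted so a later
# step cannot load it as a -javaagent by accident.
fetch_agent() {
  version=$1
  expected=$2
  out=$3
  url=$(agent_url "$version") || { echo "rejected version: $version" >&2; return 1; }
  curl --fail --silent --show-error "$url" -o "$out" || return 1
  verify_sha256 "$out" "$expected" || {
    rm -f "$out"
    echo "SHA-256 mismatch for $url" >&2
    return 1
  }
}
```

Updating the agent then becomes a reviewed change to the two pinned values rather than something that happens silently on the next pipeline run.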