After you obtained the API integration key and completed project and branch creation, next is to seamlessly integrate AmourZero's AI-powered Code Security Analysis into your Gitlab.
Integration guide
1. Don't forget the unique API Key. You can go to left menu and select "Configuration" under DEVSECOPS section. You will see an unique API Key that have generated for you. Copy that API Key for following step.
2. Follow this video to add CI/CD Variables in your Gitlab repository.
In your GitLab repository, go to "Settings" > "CI / CD" > "Variables." Add a variable named AZ_TOKEN with your ArmourZero API key.
3. Create GitLab CI/CD Configuration File
Create a new file in your repository named .gitlab-ci.yml and paste the provided configuration.
1
2 # This is a GitLab CI/CD pipeline configuration file (.gitlab-ci.yml)
3
4 stages:
5 - test
6
7 variables:
8 AZ_API_KEY: "$AZ_TOKEN"
9 PROJECT_KEY: "TvIrAgIyArEtYzQhCQtixJRldHGqmMdF"
10 BRANCH_NAME: "$CI_COMMIT_REF_NAME"
11 DOCKER_USERNAME: "$DOCKER_USERNAME"
12 DOCKER_TOKEN: "$DOCKER_TOKEN"
13 armourzero_security_test_pre:
14 stage: test
15 image: docker:19.03
16 services:
17 - docker:19.03-dind
18 script:
19 - docker login -u $DOCKER_USERNAME -p $DOCKER_TOKEN
20 - docker run -v "$(pwd):/app/wrk" --rm armourzero/pipe-scan-dev:latest --apikey="$AZ_API_KEY" --projectkey="$PROJECT_KEY" --branch="$BRANCH_NAME" --repo="$CI_PROJECT_PATH" --runEnv="demo"
21 allow_failure: true
22
4. Commit and Push
Save the changes to the .gitlab-ci.yml file. Commit and push the changes to your GitLab repository.
5. Monitor Pipelines
Go to your GitLab repository. Click on "CI / CD" > "Pipelines." You'll see the status of your pipeline. Click on it to view details.
Notes:
You can also access to the integration information by going to left menu and select "Projects" under DEVSECOPS section, click on the Project ID or the three dots action icon on the project, select "View Project". Then select Integrate menu.