CI Pipeline Configuration

You can configure your CI pipeline and the interaction with Gomboc in the following ways:

  1. Review type - defines whether a review simply generates comments or if a new pull request is created to address Gomboc code findings.

  2. Trigger type - defines when a review is triggered and code is analyzed by Gomboc.

The following outlines each configuration option, its allowed values and its meaning:

REVIEW_TYPE

  Options: submit-for-review, preview

  Description: This is the type of review that Gomboc will perform on the code.

  • "preview" means that there will be no subsequent pull request created, only a record of the scan in the pipeline logs and in the Gomboc Portal UI.

  • "submit-for-review" means that a pull request (PR) will be created with the fixes that Gomboc discovers are applicable to the code.

  Please note that with preview, the pipeline will pass regardless of any remediations we find.

TRIGGER_TYPE

  Options: on-pull-request, on-commit

  Description: This is the type of trigger that was used to initiate the Gomboc client.

  • "on-pull-request" means a PR was submitted by a user for review.

  • "on-commit" means that the notification came on a commit to a particular branch.

IAC_TYPE

  Options: terraform, cloudformation

  Description: The IaC types which Gomboc should consider when analyzing the code. If multiple values are provided, they must be specified as a comma separated list. For example:

  --iac "cloudformation,terraform"
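As an added pre-flight check (example code, not Gomboc's own and not part of this page's configuration reference), the following POSIX shell script validates the three option values above before the client is invoked, so a typo in the pipeline fails the job instead of silently falling through to a misconfigured scan. It assumes the values arrive as environment variables named REVIEW_TYPE, TRIGGER_TYPE and IAC_TYPE, and that the normalised IaC list is what gets handed to the client's `--iac` flag.

```shell
#!/bin/sh
# Added example, not Gomboc's own code. Assumes the pipeline exports the
# options as environment variables REVIEW_TYPE, TRIGGER_TYPE and IAC_TYPE.

# Succeed if the first argument equals one of the remaining arguments.
is_allowed() {
  needle=$1; shift
  for v in "$@"; do
    [ "$needle" = "$v" ] && return 0
  done
  return 1
}

# Exact, case-sensitive match against the documented option values.
validate_review_type()  { is_allowed "$1" preview submit-for-review; }
validate_trigger_type() { is_allowed "$1" on-pull-request on-commit; }

# Split the comma separated IAC_TYPE value, strip whitespace, drop
# duplicates, and print the normalised list suitable for --iac.
# Fails on an empty list or any value that is not terraform/cloudformation.
normalize_iac_type() {
  input=$1; out=""
  old_ifs=$IFS; IFS=,; set -f       # split on commas only, no globbing
  set -- $input
  set +f; IFS=$old_ifs
  for raw in "$@"; do
    t=$(printf '%s' "$raw" | tr -d '[:space:]')
    [ -z "$t" ] && continue          # tolerate "a,,b" and trailing commas
    is_allowed "$t" terraform cloudformation || return 1
    case ",$out," in
      *",$t,"*) ;;                    # already present, skip duplicate
      *) out="${out:+$out,}$t" ;;
    esac
  done
  [ -n "$out" ] || return 1
  printf '%s\n' "$out"
}

# Run every check; on success print the value to pass to --iac, otherwise
# report which variable is wrong and return non-zero so the job fails.
check_pipeline_config() {
  validate_review_type "$REVIEW_TYPE" ||
    { echo "REVIEW_TYPE must be preview or submit-for-review" >&2; return 1; }
  validate_trigger_type "$TRIGGER_TYPE" ||
    { echo "TRIGGER_TYPE must be on-pull-request or on-commit" >&2; return 1; }
  iac=$(normalize_iac_type "$IAC_TYPE") ||
    { echo "IAC_TYPE must be a comma separated list of terraform/cloudformation" >&2; return 1; }
  printf '%s\n' "$iac"
}
```

Call `check_pipeline_config` as the first step of the job and pass its output to `--iac`; a non-zero exit stops the pipeline before the client runs.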
