GitHub

CI/CD

Pull Request Pipeline

To use the GitHub action, copy the workflow below into your repository. It triggers a submit-for-review action on the Gomboc CLI for every pull request. You can replace the effect input with preview if you do not want a pull request to be opened. Please note that with preview, the pipelines will pass regardless of any remediations we find.


name: Gomboc.AI Terraform

permissions:
  id-token: write
  contents: read

on:
  pull_request:

jobs:
  gomboc:
    runs-on: ubuntu-latest
    steps:
      - name: Gomboc.AI - Terraform Remediate
        uses: Gomboc-AI/actions/on-pull-request@main
        # 'with' must sit at the same level as 'uses', not under it
        with:
          effect: submit-for-review
          iac: terraform cloudformation
          cli-version: 'latest'

Scheduled Pipeline


name: Gomboc.AI Terraform

permissions:
  id-token: write
  contents: read

on:
  pull_request:
  # In GitHub Actions the schedule trigger lives under 'on'. Scheduled workflows
  # run against the repository's default branch; the Azure DevOps-style
  # displayName/branches/always keys are not valid here.
  schedule:
    - cron: '0 0 * * *' # Runs the job at midnight (UTC)

jobs:
  gomboc:
    runs-on: ubuntu-latest
    steps:
      - name: Gomboc.AI - Terraform Remediate
        uses: Gomboc-AI/actions/on-schedule@main
        with:
          effect: submit-for-review
          target-directory: 'tf'
          recurse: false
          iac: terraform cloudformation
          cli-version: 'latest'

The Gomboc pipeline also recognizes scheduled execution to support detecting remediations in code that happen due to changes in IaC modules or improvements in Gomboc remediation coverage. The cron property follows standard crontab syntax; you can generate a crontab configuration at https://crontab.guru/. You can choose whether the pipeline should run always or only when there are new commits since the last execution.

Custom Pipelines

We currently only support scheduled and pull request workflows. However, if you'd like to use the Docker image that contains the Gomboc cli command directly, you can find the images on DockerHub under gombocai/cli.
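As an added example (not part of the Gomboc documentation or the project's own workflows), the pull request and scheduled workflows above can be combined into one file that runs the matching action for each trigger, using only the inputs documented on this page. Using the preview effect for the nightly run is an assumed choice so that the scheduled job reports remediations without opening a pull request.

```yaml
name: Gomboc.AI Terraform (combined)

# Least-privilege token: id-token for OIDC, read-only repository contents.
permissions:
  id-token: write
  contents: read

on:
  pull_request:
  schedule:
    - cron: '0 0 * * *'   # nightly at 00:00 UTC

jobs:
  gomboc:
    runs-on: ubuntu-latest
    steps:
      # Pull requests: submit remediations for review on the PR.
      - name: Gomboc.AI - remediate pull request
        if: github.event_name == 'pull_request'
        uses: Gomboc-AI/actions/on-pull-request@main
        with:
          effect: submit-for-review
          iac: terraform cloudformation
          cli-version: 'latest'

      # Scheduled runs: preview only (assumed choice), so the job passes but
      # still surfaces remediations caused by module or coverage changes.
      - name: Gomboc.AI - scheduled preview
        if: github.event_name == 'schedule'
        uses: Gomboc-AI/actions/on-schedule@main
        with:
          effect: preview
          target-directory: 'tf'
          recurse: false
          iac: terraform cloudformation
          cli-version: 'latest'
```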
