GitLab
Last updated
Last updated
In order for Gomboc.AI to keep the updated status of any MRs we create for you, you must include a webhook. In order to create a proper webhook, please follow these steps:
Go to our portal, app.gomboc.ai, click on your account icon on the top right > Settings > API Tokens and create a 'Personal' or 'API' token. Use a Personal token when you will be the only one using the token, and use an API token with the appropriate roles if the token will be used within the webhook, or expect multiple people to use the token.
Be sure to copy the created token, and start to set up the GitLab webhook. Within your project settings, under webhooks, click 'Add new webhook'. You will need the following values to successful finish the webhook.
URL: https://scan.app.gomboc.ai/webhook/gitlab
Secret token: <Token copied from the Gomboc settings>
Trigger checkboxes: Only 'Merge request events' needs to be checked
SSL verification: The 'Enable SSL verification' box should be check box should be checked
Once complete, you can finish by clicked 'Add webhook' and proceed to creating the CI/CD, or start to create pull requests through the portal.
GitLab CI/CD can use the following code to use the following job on the Gomboc-AI project. This will trigger a submit for review action on the Gomboc CLI for every pull request.
If more flexibility is desired, the Docker image can be used by using gombocai/cli:latest for the image value in your .gitlab-ci.yml file. The implementation of the CI/CD can be viewed here.
If there are many IAC resources in your projects, Gomboc's scanning processes may encounter rate-limiting imposed either by your custom settings, or the default rate limits for endpoints set by Gitlab on account creation. These may be changed per user in Gitlab's settings. For fastest processing you may raise or remove the rate limits for the Gomboc user for the following endpoints. The process is simple, and is detailed in the documentation below.
Relevant endpoints:
