Gomboc User Docs

GitLab


Last updated 1 month ago

Webhooks

For Gomboc.AI to track the status of any MRs we create for you, you must configure a webhook. To create a working webhook, follow these steps:

  1. Go to our portal, app.gomboc.ai, click on your account icon in the top right > Settings > API Tokens and create a 'Personal' or 'API' token. Use a Personal token when you will be the only one using the token; use an API token with the appropriate roles if the token will be used within the webhook or if you expect multiple people to use it.

  2. Be sure to copy the created token, then set up the GitLab webhook. In your project settings, under Webhooks, click 'Add new webhook'. You will need the following values to finish the webhook successfully.

    1. URL: https://scan.app.gomboc.ai/webhook/gitlab

    2. Secret token: <Token copied from the Gomboc settings>

    3. Trigger checkboxes: Only 'Merge request events' needs to be checked

    4. SSL verification: The 'Enable SSL verification' box should be checked

  3. Once complete, click 'Add webhook'. You can then proceed to creating the CI/CD pipeline, or start creating pull requests through the portal.
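To show why the secret token and the 'Merge request events' trigger matter, here is an added example (not Gomboc's code) of the checks a receiving endpoint performs on each delivery: GitLab sends the configured secret in the X-Gitlab-Token header and the event type in X-Gitlab-Event, and the receiver should reject anything that does not match. The headers, payload and secret below are constructed sample data.

```python
import hmac
import json

# Header and field names GitLab uses on webhook deliveries.
TOKEN_HEADER = "x-gitlab-token"
EVENT_HEADER = "x-gitlab-event"
MR_EVENT = "Merge Request Hook"


def validate_gitlab_webhook(headers, body, expected_token):
    """Return (accepted, reason, mr_summary) for one webhook delivery.

    Accept only deliveries whose secret matches (constant-time compare)
    and that are merge request events; everything else is rejected.
    """
    h = {k.lower(): v for k, v in headers.items()}  # header names are case-insensitive
    presented = h.get(TOKEN_HEADER, "")
    if not hmac.compare_digest(presented.encode(), expected_token.encode()):
        return False, "secret token mismatch", None
    if h.get(EVENT_HEADER) != MR_EVENT:
        return False, "ignored event type", None
    try:
        payload = json.loads(body)
    except ValueError:
        return False, "malformed JSON body", None
    if payload.get("object_kind") != "merge_request":
        return False, "not a merge_request payload", None
    attrs = payload.get("object_attributes", {})
    summary = {
        "project_id": payload.get("project", {}).get("id"),
        "iid": attrs.get("iid"),
        "action": attrs.get("action"),
        "state": attrs.get("state"),
    }
    return True, "ok", summary


# Constructed sample delivery (not a real capture); the secret is a placeholder.
SAMPLE_SECRET = "placeholder-token-from-gomboc-settings"
SAMPLE_HEADERS = {"X-Gitlab-Event": MR_EVENT, "X-Gitlab-Token": SAMPLE_SECRET}
SAMPLE_BODY = json.dumps({
    "object_kind": "merge_request",
    "project": {"id": 42},
    "object_attributes": {"iid": 7, "action": "merge", "state": "merged"},
}).encode()

if __name__ == "__main__":
    print(validate_gitlab_webhook(SAMPLE_HEADERS, SAMPLE_BODY, SAMPLE_SECRET))
```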

CI/CD

Pull request pipeline

The following GitLab CI/CD configuration includes the job definition from the Gomboc-AI actions project. It triggers a submit-for-review action in the Gomboc CLI for every pull request. You can replace the EFFECT value with preview if no pull request is wanted. Please note that with preview, the pipeline will pass regardless of any remediations we find.

# Example of a pipeline that runs on every Pull Request
include:
  - 'https://gitlab.com/gomboc-ai/actions/-/raw/main/action/.gitlab-ci.yml'

stages:
  - example

variables:
  EFFECT: submit-for-review

setup-job:
  stage: example
  extends: .run-scan
  rules:
    - if: $CI_PIPELINE_SOURCE == 'merge_request_event'

Scheduled pipeline

# Example of a pipeline that can be run on a schedule
# The 'target_directories' array should be updated to include all directories
# that include your IaC that should be scanned

image:
  name: gombocai/cli:1.0.4
  entrypoint: [""]

stages:
  - build

run-scan:
  # Request a short-lived GitLab OIDC ID token issued for the https://gomboc.ai
  # audience; the CLI passes it as --auth-token below
  id_tokens:
    GL_ID_TOKEN:
      aud: https://gomboc.ai
  stage: build
  variables:
    FORCE_COLOR: 3
  script:
  - |
      target_directories=("." "tf" "terraform")
      gomboc submit-for-review on-schedule --auth-token $GL_ID_TOKEN --target-directories "${target_directories[@]}" --iac cloudformation terraform

Rate Limiting

If there are many IaC resources in your projects, Gomboc's scanning processes may encounter rate limiting imposed either by your custom settings or by the default rate limits that GitLab sets for endpoints at account creation. These may be changed per user in GitLab's settings. For the fastest processing you may raise or remove the rate limits for the Gomboc user on the following endpoints. The process is simple and is detailed in the GitLab documentation for each endpoint.

Relevant endpoints:

  • Projects
  • Groups
  • Git HTTP rate limiting

The Gomboc CLI command also recognizes scheduled execution, to support detecting remediations in code that arise from changes in IaC modules or from improvements in Gomboc remediation coverage. See the GitLab pipeline documentation to set up scheduled pipelines.

If more flexibility is desired, the Docker image can be used by setting gombocai/cli:latest as the image value in your .gitlab-ci.yml file. The implementation of the CI/CD can be viewed here. From the image, you may use the gomboc command directly.