Service StatusFeature RequestLogin

GitLab Integration

How to scan your code with AquilaX with GitLab Jobs

AquilaX Security Scan Gitlab Action

AquilaX Security Scan is a comprehensive security analysis tool designed to scan your repositories for vulnerabilities, including issues related to sensitive data exposure, insecure configurations, and common coding weaknesses. The AquilaX Security Scan integrates seamlessly into your CI/CD pipeline to automatically check your repository every time you push or open a pull request.

Why Use AquilaX Security Scan?

  • Automated Security Audits: Automatically scan your repository for security vulnerabilities every time code is pushed to the main branch or during pull requests.

  • Comprehensive Scanners: Includes scanners for sensitive data exposure (PII), insecure configurations (IaC), container vulnerabilities, code quality (SAST), and more.

  • SARIF Integration with GitHub Security: Easily upload scan results in SARIF format to GitHub's security dashboard for detailed insights.

  • Improved Security Posture: Identify and fix security vulnerabilities early in the development cycle to minimize risks.

  • Customizable: Allows you to set organization ID, group ID, and various scan configurations to suit your project needs.

Setup and Configuration

1. Add the Gitlab Actions YAML File

First, create a new workflow file in your repository. This file will configure the AquilaX Security Scan as part of your CI/CD pipeline.

1. Create a .gitlab-ci.yml file.

Add the following content:

stages:
  - scan

variables:
  ORG_ID: "ORG_ID"
  GROUP_ID: "GROUP_ID"

aquilax_scan:
  stage: scan
  image: python:3.9
  variables:
    GIT_URL: "https://gitlab.com/${CI_PROJECT_PATH}.git"
    AQUILAX_AUTH: "$AQUILAX_API_TOKEN"
  script:
    - |
      pip install aquilax
      aquilax ci-scan \
        "$GIT_URL" \
        --org-id "$ORG_ID" \
        --group-id "$GROUP_ID"
        
  artifacts:
    when: always
    paths:
      - results.sarif
  only:
    refs:
      - main

2. Set GitHub Secrets

To securely authenticate with AquilaX and prevent exposing sensitive information, set up your secrets in GitHub:

On the left sidebar, click on Settings to expand the menu. Under Settings, click on CI/CD.

in the CI/CD settings page, scroll down to the Variables section. Click on the Expand button next to Variables if it's not already expanded.

Click on the Add variable button.

Key: Enter AQUILAX_API_TOKEN as the variable key. Value: Enter your actual AquilaX API token. This is the token you use to authenticate with the AquilaX API. Type: Leave it as Variable. Environment scope: Set it to * (the default) to make it available in all environments.

Click on the Add variable button at the bottom of the variable form to save your new CI/CD variable.

3. Set Organization ID and Group ID

In the YAML file, update the placeholders with your organization ID and group ID:

  ORG_ID: "ORG_ID"
  GROUP_ID: "GROUP_ID"

You can find these values from your AquilaX dashboard (app.aquilax.ai) / Aquilax CLI

aquilax get orgs # output is your org id
aquilax get groups --org-id "org_id"
--scanners sast_scanner iac_scanner secret_scanner pii_scanner sca_scanner container_scanner cicd_scanner \ # scanners you want to enable

Also, you can set

--fail_on_vulns # If vulnerabilities are found pipeline will break.

Usage

Once you’ve set up the workflow and secrets:

Run on Push: Every time a new commit is pushed to the main branch, the AquilaX Security Scan will automatically start.

Benefits of Using AquilaX Security Scan

Automated Security Checks

Support

For support, email omer@aquilax.ai.

More Links

PreviousGitHub IntegrationNextVulnerability Tickets

Last updated