GitLab Integration

AquilaX Security Scan Gitlab Action

AquilaX Security Scan is a comprehensive security analysis tool designed to scan your repositories for vulnerabilities, including issues related to sensitive data exposure, insecure configurations, and common coding weaknesses. The AquilaX Security Scan integrates seamlessly into your CI/CD pipeline to automatically check your repository every time you push or open a pull request.

Why Use AquilaX Security Scan?

• Automated Security Audits: Automatically scan your repository for security vulnerabilities every time code is pushed to the main branch or during pull requests.

• Comprehensive Scanners: Includes scanners for sensitive data exposure (PII), insecure configurations (IaC), container vulnerabilities, code quality (SAST), and more.

• SARIF Integration with GitLab Security: Easily upload scan results in SARIF format to GitLab's security dashboard for detailed insights.

• Customizable: Allows you to set organization ID, group ID, and various scan configurations to suit your project needs.

Setup and Configuration

1. Add the Gitlab Actions YAML File

First, create a new workflow file in your repository. This file will configure the AquilaX Security Scan as part of your CI/CD pipeline.

1. Create a .gitlab-ci.yml file.

Add the following content:

stages:
  - aquilax
  
Security Scan:
  stage: aquilax
  image: python:3.12-slim
  allow_failure: true
  timeout: 5m
  script:
    - |
      echo "$CI_PROJECT_URL.git" - "$CI_COMMIT_REF_NAME"
      pip3 install --no-cache-dir --upgrade aquilax
      aquilax -v
      aquilax login "$AQUILAX_TOKEN" --server "https://aquilax.ai" || exit 1
      aquilax ci-scan \
        "$CI_PROJECT_URL".git \
        --org-id "$AQUILAX_ORG_ID" \
        --group-id "$AQUILAX_GROUP_ID" \
        --branch "$CI_COMMIT_REF_NAME"
  artifacts:
    when: always 
    paths:
      - results.sarif
  rules:
    - if: '$CI_PIPELINE_SOURCE != "schedule"'

2. Set GitLab Secrets

To securely authenticate with AquilaX and prevent exposing sensitive information, set up your secrets in GitLab:

On the left sidebar, click on Settings to expand the menu. Under Settings, click on CI/CD.

in the CI/CD settings page, scroll down to the Variables section. Click on the Expand button next to Variables if it's not already expanded.

Click on the Add variable button.

Key: Enter AQUILAX_TOKEN as the variable key. Value: Enter your actual AquilaX API token. This is the token you use to authenticate with the AquilaX API. Type: Leave it as Variable. Environment scope: Set it to * (the default) to make it available in all environments.

Click on the Add variable button at the bottom of the variable form to save your new CI/CD variable.

3. Set Organization ID and Group ID

In the YAML file, update the placeholders with your organization ID and group ID:

  AQUILAX_ORG_ID: "ORG_ID"
  AQUILAX_GROUP_ID: "GROUP_ID"

Usage

Once you’ve set up the workflow and secrets:

Run on Push: Every time a new commit is pushed to the main branch, the AquilaX Security Scan will automatically start.

Benefits of Using AquilaX Security Scan

Automated Security Checks

Support

For support, email admin@aquilax.ai.

More Links