# GitLab Pipeline

### Common Build Integration Documentation

This documentation is specific to Gitlab. [Common build server](https://docs.threatrix.io/integrations/build-integrations) documentation should be reviewed before proceeding further. 

### Environment Variables

Environment variable values can be found in your [user profile](https://docs.threatrix.io/threat-center-1/user-profile).

* THREATRIX\_OID - Your organization ID.
* THREATRIX\_EID - Your entityID (if you wish to override your default).
* THREATRIX\_API\_KEY - Personal or organization API key.

### Install Environment Variables

{% hint style="warning" %}
This step may require administrative privileges within Gitlab
{% endhint %}

From within Gitlab, navigate to Settings -> CI/CD -> Variables, as shown below.

![](https://3093892275-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-MbsieSiu0D66DBFP4uh%2F-MbtEcL-5S8vz0RrgPLK%2F-MbtEsIU_FARUnsL8oY5%2FCapture.PNG?alt=media\&token=33960d72-b036-493a-b3fb-57607d088160)

Click "Add Variable" to add THREATRIX\_OID and THREATRIX\_API\_KEY and optionally, a THREATRIX\_EID for which the API key has permissions to create projects.

### Option 1: Add CLI Threat Agent

```
threatrix-scan:
  script:
    - curl -LJO https://github.com/threatrix/threat-agent-dist/releases/download/latest/threat-agent.jar
    - java -jar threat-agent.jar .
  only:
    - merge_requests
```

### Option 2: Add Docker Threat Agent Step to Build

In Gitlab, in the repository you wish you run your scan, create a `.gitlab-ci.yml file` and add the following contents.

{% hint style="warning" %}
This option may not work for Gitlab On-Prem deployments. Please use Option 1 for Gitlab On-Prem.
{% endhint %}

```
threatrix-scan:
  image: gitlab/dind
  script:
    - printenv > host.env
    - docker run -v $(pwd):/app --env-file=host.env threatrix/threat-agent ./
  only:
    - merge_requests

```